arm-bsp/trusted-firmware-m: corstone1000: Enable host firewall in FVP

Enables host firewall and mpu setup for FVP. It also fixes secure-ram configuration and disable access rights to secure ram from both normal world for both mps3 and fvp. Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-06-06 14:50:03 +00:00 · 2024-04-12 11:05:27 +01:00
parent 14f32eef69
commit 3715c698ec
2 changed files with 178 additions and 0 deletions
@@ -0,0 +1,177 @@
+From 1410dc5504d60219279581b1cf6442f81551cfe7 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 3 Apr 2024 13:37:40 +0100
+Subject: [PATCH] Platform: Corstone1000: Enable host firewall in FVP
+
+Enables host firewall and mpu setup for FVP. It also fixes secure-ram
+configuration and disable access rights to secure ram from both normal world
+for both mps3 and fvp.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../Device/Include/platform_base_address.h    |  2 +-
+ .../arm/corstone1000/bl1/boot_hal_bl1_1.c     | 42 ++++---------------
+ .../arm/corstone1000/bl2/flash_map_bl2.c      |  2 +-
+ 3 files changed, 11 insertions(+), 35 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+index 416f0ebcd..101cad9e7 100644
+--- a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+++ b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+@@ -67,7 +67,7 @@
+  * required by the SE are defined here */
+ #define CORSTONE1000_HOST_ADDRESS_SPACE_BASE       (0x60000000U) /* Host Address Space                */
+ #define CORSTONE1000_HOST_BIR_BASE                 (0x60000000U) /* Boot Instruction Register         */
+-#define CORSTONE1000_HOST_SHARED_RAM_BASE          (0x62000000U) /* Shared RAM                        */
+#define CORSTONE1000_HOST_TRUSTED_RAM_BASE         (0x62000000U) /* Secure RAM                        */
+ #define CORSTONE1000_HOST_XNVM_BASE                (0x68000000U) /* XNVM                              */
+ #define CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB                          */
+ #define CORSTONE1000_EXT_SYS_RESET_REG             (0x7A010310U) /* external system (cortex-M3)       */
+diff --git a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+index a5fee66af..7988c2392 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+++ b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+@@ -35,7 +35,7 @@ REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
+ REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
+ 
+ #define HOST_ADDRESS_SPACE_BASE         0x00000000
+-#define HOST_SHARED_RAM_BASE            0x02000000
+#define HOST_TRUSTED_RAM_BASE           0x02000000
+ #define HOST_XNVM_BASE                  0x08000000
+ #define HOST_BASE_SYSTEM_CONTROL_BASE   0x1A010000
+ #define HOST_FIREWALL_BASE              0x1A800000
+@@ -347,7 +347,7 @@ static void setup_host_firewall(void)
+ 
+     fc_pe_enable();
+ 
+-    /* CVM - Shared RAM */
+    /* CVM - Secure RAM */
+     fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_CVM);
+     fc_disable_bypass();
+     fc_pe_disable();
+@@ -355,15 +355,12 @@ static void setup_host_firewall(void)
+     fc_select_region(1);
+     fc_disable_regions();
+     fc_disable_mpe(RGN_MPE0);
+-    fc_prog_rgn(RGN_SIZE_4MB, HOST_SHARED_RAM_BASE);
+    fc_prog_rgn(RGN_SIZE_4MB, HOST_TRUSTED_RAM_BASE);
+     fc_init_mpl(RGN_MPE0);
+ 
+     mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+                                          RGN_MPL_SECURE_WRITE_MASK |
+-                                         RGN_MPL_SECURE_EXECUTE_MASK |
+-                                         RGN_MPL_NONSECURE_READ_MASK |
+-                                         RGN_MPL_NONSECURE_WRITE_MASK |
+-                                         RGN_MPL_NONSECURE_EXECUTE_MASK);
+                                         RGN_MPL_SECURE_EXECUTE_MASK);
+ 
+     fc_enable_mpl(RGN_MPE0, mpl_rights);
+     fc_disable_mpl(RGN_MPE0, ~mpl_rights);
+@@ -398,7 +395,9 @@ static void setup_host_firewall(void)
+ 
+     fc_pe_enable();
+ 
+-    /* Host Expansion Master 0 */
+#if !(PLATFORM_IS_FVP)
+    /* Host Expansion Master 0 (Due to the difference in the models only
+     * programming this for MPS3) */
+     fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
+     fc_disable_bypass();
+     fc_pe_disable();
+@@ -433,7 +432,6 @@ static void setup_host_firewall(void)
+     fc_enable_regions();
+     fc_rgn_lock();
+ 
+-#if !(PLATFORM_IS_FVP)
+     fc_select_region(3);
+     fc_disable_regions();
+     fc_disable_mpe(RGN_MPE0);
+@@ -461,16 +459,14 @@ static void setup_host_firewall(void)
+     fc_enable_mpe(RGN_MPE0);
+     fc_enable_regions();
+     fc_rgn_lock();
+-#endif
+ 
+     fc_pe_enable();
+ 
+-    /* Host Expansion Master 0 */
+    /* Host Expansion Master 1*/
+     fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
+     fc_disable_bypass();
+     fc_pe_disable();
+ 
+-#if !(PLATFORM_IS_FVP)
+     fc_select_region(1);
+     fc_disable_regions();
+     fc_disable_mpe(RGN_MPE0);
+@@ -484,22 +480,6 @@ static void setup_host_firewall(void)
+     fc_enable_mpe(RGN_MPE0);
+     fc_enable_regions();
+     fc_rgn_lock();
+-#else
+-    fc_select_region(1);
+-    fc_disable_regions();
+-    fc_disable_mpe(RGN_MPE0);
+-    fc_prog_rgn(RGN_SIZE_8MB, HOST_SE_SECURE_FLASH_BASE_FVP);
+-    fc_init_mpl(RGN_MPE0);
+-
+-    mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+-                                         RGN_MPL_SECURE_WRITE_MASK);
+-
+-    fc_enable_mpl(RGN_MPE0, mpl_rights);
+-    fc_enable_mpe(RGN_MPE0);
+-    fc_enable_regions();
+-    fc_rgn_lock();
+-#endif
+-
+     fc_pe_enable();
+ 
+     /* Always ON Host Peripherals */
+@@ -527,7 +507,6 @@ static void setup_host_firewall(void)
+     }
+ 
+     fc_pe_enable();
+-
+     /* Host System Peripherals */
+     fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_SYSPERIPH);
+     fc_disable_bypass();
+@@ -553,6 +532,7 @@ static void setup_host_firewall(void)
+     }
+ 
+     fc_pe_enable();
+#endif
+ 
+     /* Host System Peripherals */
+     fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_DBGPERIPH);
+@@ -592,13 +572,9 @@ int32_t boot_platform_init(void)
+     if (result != ARM_DRIVER_OK) {
+ 	return 1;
+      }
+-#if !(PLATFORM_IS_FVP)
+         setup_mpu();
+-#endif
+         setup_se_firewall();
+-#if !(PLATFORM_IS_FVP)
+         setup_host_firewall();
+-#endif
+ 
+ #if defined(TFM_BL1_LOGGING) || defined(TEST_BL1_1) || defined(TEST_BL1_2)
+     stdio_init();
+diff --git a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+index 2b1cdfa19..06cc3f0f5 100644
+--- a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+@@ -70,7 +70,7 @@ int boot_get_image_exec_ram_info(uint32_t image_id,
+         rc = 0;
+     }
+     else if (image_id == 1 || image_id == 2) {
+-        (*exec_ram_start) = CORSTONE1000_HOST_SHARED_RAM_BASE;
+        (*exec_ram_start) = CORSTONE1000_HOST_TRUSTED_RAM_BASE;
+         (*exec_ram_size) = 0x20000000U;
+         rc = 0;
+     }
+-- 
+2.25.1
+
+
@@ -40,6 +40,7 @@ SRC_URI:append:corstone1000 = " \
    file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \
    file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \
    file://0007-platform-corstone1000-add-unique-guid-for-mps3.patch \    
+    file://0008-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \
    "

 # TF-M ships patches for external dependencies that needs to be applied