diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a')
3 files changed, 48 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch new file mode 100644 index 0000000000..2c634e350f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch @@ -0,0 +1,41 @@ +From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001 +From: Adam Johnston <adam.johnston@arm.com> +Date: Tue, 25 Jul 2023 16:05:51 +0000 +Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd + +The physical memory which is used to run OP-TEE on the N1SDP is known +to the secure world via TOS_FW_CONFIG, but it may not be known to the +normal world. + +As a precaution, explicitly reserve this memory via NT_FW_CONFIG to +prevent the normal world from using it. This is not required on most +platforms as the Trusted OS is run from secure RAM. + +Upstream-Status: Pending (not yet submited to upstream) +Signed-off-by: Adam Johnston <adam.johnston@arm.com> +--- + plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts +index da5e04ddb6..b7e2d4e86f 100644 +--- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts ++++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts +@@ -20,4 +20,16 @@ + local-ddr-size = <0x0>; + remote-ddr-size = <0x0>; + }; ++ ++ reserved-memory { ++ #address-cells = <2>; ++ #size-cells = <2>; ++ ranges; ++ ++ optee@0x08000000 { ++ compatible = "removed-dma-pool"; ++ reg = <0x0 0x08000000 0x0 0x02000000>; ++ no-map; ++ }; ++ }; + }; +\ No newline at end of file diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index 008103469e..2b85b9dbd1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -37,6 +37,7 @@ EXTRA_OEMAKE:append = " \ NR_OF_IMAGES_IN_FW_BANK=4 \ COT=tbbr \ ARM_ROTPK_LOCATION=devel_rsa \ + ERRATA_A35_855472=1 \ ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \ LOG_LEVEL=50 \ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc index f4ebcc1c5f..654e43270f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc @@ -9,6 +9,12 @@ TFA_MBEDTLS = "1" TFA_UBOOT = "0" TFA_UEFI = "1" +FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:" + +SRC_URI:append = " \ + file://0001-Reserve-OP-TEE-memory-from-nwd.patch \ + " + TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem" # Enabling Secure-EL1 Payload Dispatcher (SPD) |