On 09/02/2016 12:40 AM, Daniel Allred wrote:
Adds start address and size config options for setting aside a portion of the EMIF memory space for usage by security software (like a secure OS/TEE). There are two sizes, a total size and a protected size. The region is divided into protected (secure) and unprotected (public) regions, that are contiguous and start at the start address given. If the start address is zero, the intention is that the region will be automatically placed at the end of the available external DRAM space.
Signed-off-by: Daniel Allred d-allred@ti.com
arch/arm/cpu/armv7/omap5/Kconfig | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/arch/arm/cpu/armv7/omap5/Kconfig b/arch/arm/cpu/armv7/omap5/Kconfig index a8600b1..25474ed 100644 --- a/arch/arm/cpu/armv7/omap5/Kconfig +++ b/arch/arm/cpu/armv7/omap5/Kconfig @@ -24,6 +24,32 @@ endchoice config SYS_SOC default "omap5"
+config TI_SECURE_EMIF_REGION_START
- hex "Reserved EMIF region start address"
- depends on TI_SECURE_DEVICE
- default 0x0
- help
Reserved EMIF region start address. Set to "0" to auto-selectto be at the end of the external memory region.
The secure image that is placed in this location (OPTEE OS for now) will probably not be relocatable, what happens when we add RAM to a board (some boards take regular ram sticks), will our secure world suddenly break? What do we gain from having the location auto-selected?
+config TI_SECURE_EMIF_TOTAL_REGION_SIZE
Instead of having the total combined size of both the protected and non-protected secure region then subtracting out the protected below to get the non-protected, why not have:
TI_SECURE_EMIF_PUBLIC_REGION_SIZE TI_SECURE_EMIF_PROTECTED_REGION_SIZE
then add the two to get the total region size? This would also remove some checks to make sure the total isn't smaller than one part, plus it removes the need for any mental math in figuring the size of the public region.
- hex "Reserved EMIF region size"
- depends on TI_SECURE_DEVICE
- default 0x0
- help
Total reserved EMIF region size. Default is 0, which means no reserved EMIFregion on secure devices.+config TI_SECURE_EMIF_PROTECTED_REGION_SIZE
- hex "Size of protected region within reserved EMIF region"
- depends on TI_SECURE_DEVICE
- default 0x0
- help
This config option is used to specify the size of the portion of the totalreserved EMIF region set aside for secure OS needs that will be protectedusing hardware memory firewalls. This value must be smaller than theTI_SECURE_EMIF_TOTAL_REGION_SIZE value.source "board/compulab/cm_t54/Kconfig" source "board/ti/omap5_uevm/Kconfig" source "board/ti/dra7xx/Kconfig"