ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

hw/arm/virt: Make first flash device Secure-only if booting secure 

If the virt board is started with the 'secure' property set to
request a Secure setup, then make the first flash device be
visible only to the Secure world.

This is a breaking change, but I don't expect it to be noticed
by anybody, because running TZ-aware guests isn't common and
those guests are generally going to be booting from the flash
and implicitly expecting their Non-secure guests to not touch it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455288361-30117-5-git-send-email-peter.maydell@linaro.org
This commit is contained in:
Peter Maydell 2016-03-04 11:30:18 +00:00
parent 16f4a8dc5c
commit 738a5d9fbb
1 changed files with 49 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
hw/arm/virt.c
View File

@ -696,7 +696,8 @@ static void create_virtio_devices(const VirtBoardInfo *vbi, qemu_irq *pic)
} }
static void create_one_flash(const char *name, hwaddr flashbase, static void create_one_flash(const char *name, hwaddr flashbase,
hwaddr flashsize, const char *file) hwaddr flashsize, const char *file,
MemoryRegion *sysmem)
{ {
/* Create and map a single flash device. We use the same /* Create and map a single flash device. We use the same
* parameters as the flash devices on the Versatile Express board. * parameters as the flash devices on the Versatile Express board.
@ -723,7 +724,8 @@ static void create_one_flash(const char *name, hwaddr flashbase,
qdev_prop_set_string(dev, "name", name); qdev_prop_set_string(dev, "name", name);
qdev_init_nofail(dev); qdev_init_nofail(dev);
sysbus_mmio_map(sbd, 0, flashbase); memory_region_add_subregion(sysmem, flashbase,
sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0));
if (file) { if (file) {
char *fn; char *fn;
@ -749,26 +751,59 @@ static void create_one_flash(const char *name, hwaddr flashbase,
} }
} }
static void create_flash(const VirtBoardInfo *vbi) static void create_flash(const VirtBoardInfo *vbi,
MemoryRegion *sysmem,
MemoryRegion *secure_sysmem)
{ {
/* Create two flash devices to fill the VIRT_FLASH space in the memmap. /* Create two flash devices to fill the VIRT_FLASH space in the memmap.
* Any file passed via -bios goes in the first of these. * Any file passed via -bios goes in the first of these.
* sysmem is the system memory space. secure_sysmem is the secure view
* of the system, and the first flash device should be made visible only
* there. The second flash device is visible to both secure and nonsecure.
* If sysmem == secure_sysmem this means there is no separate Secure
* address space and both flash devices are generally visible.
*/ */
hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2; hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2;
hwaddr flashbase = vbi->memmap[VIRT_FLASH].base; hwaddr flashbase = vbi->memmap[VIRT_FLASH].base;
char *nodename; char *nodename;
create_one_flash("virt.flash0", flashbase, flashsize, bios_name); create_one_flash("virt.flash0", flashbase, flashsize,
create_one_flash("virt.flash1", flashbase + flashsize, flashsize, NULL); bios_name, secure_sysmem);
create_one_flash("virt.flash1", flashbase + flashsize, flashsize,
NULL, sysmem);
nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); if (sysmem == secure_sysmem) {
qemu_fdt_add_subnode(vbi->fdt, nodename); /* Report both flash devices as a single node in the DT */
qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); nodename = g_strdup_printf("/flash@%" PRIx64, flashbase);
qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", qemu_fdt_add_subnode(vbi->fdt, nodename);
2, flashbase, 2, flashsize, qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash");
2, flashbase + flashsize, 2, flashsize); qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); 2, flashbase, 2, flashsize,
g_free(nodename); 2, flashbase + flashsize, 2, flashsize);
qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4);
g_free(nodename);
} else {
/* Report the devices as separate nodes so we can mark one as
* only visible to the secure world.
*/
nodename = g_strdup_printf("/secflash@%" PRIx64, flashbase);
qemu_fdt_add_subnode(vbi->fdt, nodename);
qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash");
qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
2, flashbase, 2, flashsize);
qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4);
qemu_fdt_setprop_string(vbi->fdt, nodename, "status", "disabled");
qemu_fdt_setprop_string(vbi->fdt, nodename, "secure-status", "okay");
g_free(nodename);
nodename = g_strdup_printf("/flash@%" PRIx64, flashbase);
qemu_fdt_add_subnode(vbi->fdt, nodename);
qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash");
qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
2, flashbase + flashsize, 2, flashsize);
qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4);
g_free(nodename);
}
} }
static void create_fw_cfg(const VirtBoardInfo *vbi, AddressSpace *as) static void create_fw_cfg(const VirtBoardInfo *vbi, AddressSpace *as)
@ -1185,7 +1220,7 @@ static void machvirt_init(MachineState *machine)
machine->ram_size); machine->ram_size);
memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram); memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram);
create_flash(vbi); create_flash(vbi, sysmem, secure_sysmem ? secure_sysmem : sysmem);
create_gic(vbi, pic, gic_version, vms->secure); create_gic(vbi, pic, gic_version, vms->secure);