]> git.baikalelectronics.ru Git - arm-tf.git/commitdiff
projects / arm-tf.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1d867c1)
feat(zynqmp): protect eFuses from non-secure access
authorVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Fri, 29 Apr 2022 05:47:24 +0000 (08:47 +0300)
committerVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Fri, 29 Jul 2022 20:57:18 +0000 (23:57 +0300)
When configuration option ZYNQMP_SECURE_EFUSES is defined then Xilinx
ZynqMP's PS eFuses can only be accesses from secure state.

This enables eFuses to be reserved and protected only for security use
cases for example in OP-TEE.

Change-Id: I866905e35ce488f50f5f6e1b4667b08a9fa2386d
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
plat/xilinx/zynqmp/platform.mk patch | blob | history
plat/xilinx/zynqmp/pm_service/pm_defs.h patch | blob | history
plat/xilinx/zynqmp/pm_service/pm_svc_main.c patch | blob | history

diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index ea8a5d1db7cea84f0ffcfd30f79e3218edeff86a..1f04a9517519e261579854efb98ffbeaa534ffcf 100644 (file)
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -60,6 +60,10 @@ ifdef IPI_CRC_CHECK
     $(eval $(call add_define,IPI_CRC_CHECK))
 endif
 
+ifdef ZYNQMP_SECURE_EFUSES
+    $(eval $(call add_define,ZYNQMP_SECURE_EFUSES))
+endif
+
 PLAT_INCLUDES          :=      -Iinclude/plat/arm/common/                      \
                                -Iinclude/plat/arm/common/aarch64/              \
                                -Iplat/xilinx/common/include/                   \
diff --git a/plat/xilinx/zynqmp/pm_service/pm_defs.h b/plat/xilinx/zynqmp/pm_service/pm_defs.h
index d48df55173f4a91badf745f7987c63466b5dd01c..bf5ecfe05af2254c932862daeb1c390879fae616 100644 (file)
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@@ -245,6 +245,7 @@ enum pm_opchar_type {
  * @PM_RET_SUCCESS:            success
  * @PM_RET_ERROR_ARGS:         illegal arguments provided (deprecated)
  * @PM_RET_ERROR_NOTSUPPORTED: feature not supported  (deprecated)
+ * @PM_RET_ERROR_NOT_ENABLED:  feature is not enabled
  * @PM_RET_ERROR_INTERNAL:     internal error
  * @PM_RET_ERROR_CONFLICT:     conflict
  * @PM_RET_ERROR_ACCESS:       access rights violation
@@ -258,6 +259,7 @@ enum pm_ret_status {
        PM_RET_SUCCESS,
        PM_RET_ERROR_ARGS = 1,
        PM_RET_ERROR_NOTSUPPORTED = 4,
+       PM_RET_ERROR_NOT_ENABLED = 29,
        PM_RET_ERROR_INTERNAL = 2000,
        PM_RET_ERROR_CONFLICT = 2001,
        PM_RET_ERROR_ACCESS = 2002,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index a136ebce5de1bb27d553c8c200f1743c1d7799a9..f24387a431424ac72cb98975eb783bfa3341e596 100644 (file)
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -520,6 +520,13 @@ uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
        {
                uint32_t value;
 
+#if defined(ZYNQMP_SECURE_EFUSES)
+               if (is_caller_non_secure(flags)) {
+                       SMC_RET1(handle,
+                                (((uint64_t)PM_RET_ERROR_NOT_ENABLED) << 32) |
+                                (uint64_t)PM_RET_ERROR_ACCESS);
+               }
+#endif
                ret = pm_efuse_access(pm_arg[0], pm_arg[1], &value);
                SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
        }
Unnamed repository; edit this file 'description' to name the repository.