Hi,
See few comments inline [OD].
Regards, Olivier.
________________________________________ From: Chenxu Wang via TF-A tf-a@lists.trustedfirmware.org Sent: 18 August 2022 21:36 To: Dan Handley Cc: tf-a@lists.trustedfirmware.org Subject: [TF-A] Re: A problem about TZASC in Armv9
Hi all,
I also want to ask a question: On a TZASC+RME FVP, can Realm access the TZC region which attribute is {TZC_REGION_S_RDWR, 0} ?
[OD] In general first level of protection is the GPC and S1/S2 MMU close to the PE, then eventually the legacy TZASC at the far end of the transaction in the memory controller. A component executing in Realm state will be prevented access to a secure region first because the GPT forbids it when properly configured (and the transaction doesn't reach the TZASC in this case).
In this case, TZASC does not allow the "NS=1" processor to access this region, because the NSAID bits is all zero But since Realm's SCR_EL3.NS is 1 (though NSE is 1), thus, maybe TZASC also denies the Realm access?
[OD] If a realm component accesses a region marked NS in the GPT, but marked secure in the TZASC, it should cause an external abort from the TZASC.
Actually, I try to read such a region in bl32/trp/trp_main.c (maybe it is a Realm component). It is not hung by TZC-400 but returns a value. So I feel a bit confused. Maybe I didn't enable TZASC? Or maybe some conflicts between TZASC and RME on FVP?
[OD] How did you choose the region, and verified it is effectively marked secure?
I use FVP with bp.secure_memory=1, cluster0.has_rme=1, cluster1.has_rme=1, the ATF is arm_cca_v0.2 branch (https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=arm_cca_v...)
[OD] I wonder that this branch is very old. Any chance you can use upstream master with same build options?
Sincerely, WANG Chenxu
Chenxu Wang irakatz51@gmail.com 于2022年8月19日周五 01:44写道:
Hi Dan,
Thanks for your explanation!
Now I wonder how to configure the SMMU's GPT in TF-A. For example, how to configure GPT to control DMA peripheral? (Actually, I cannot give a good "peripheral" example on Arm FVP, just remember the DMA can be controlled by NSAID in TZASC)
Could you please show some codes in TF-A?
Sincerely, WANG Chenxu
Dan Handley Dan.Handley@arm.com 于2022年8月4日周四 00:21写道:
Hi
-----Original Message----- From: Chenxu Wang via TF-A tf-a@lists.trustedfirmware.org Sent: 15 July 2022 13:55
Greetings, Armv9 introduces the RME and GPT technology. The GPT will separates the memory into unlimited regions with specific attributes. However, when I read the Armv9 manual and source code of TF-A, I still have some problems:
- It seems that GPT is a feature on CPU, but not on a specific device
(e.g.,TZC-400). Thus, will GPT conflict with TZC-400? I mean, when performing VA->PA on RAM, what is the detailed process if I enable both GPT and TZC- 400?
In a production RME-enabled system, we expect all bus-initiating peripherals to be connected to the interconnect via a GPT-aware SMMU, so there should be no need for completer-side filtering IP like TZC-400. This is an RME system architecture requirement. The Arm Base FVP is a development platform that enables experimental RME support, but is not compliant to the RME system architecture. It includes TZC-400 for compatibility with legacy use-cases. Hence there is potential conflict between GPT programming and TZC-400 programming. GPT config is checked first as part of MMU/SMMU memory checks; TZC config is checked later downstream in the memory subsystem, just before the memory transaction completes.
- I use the Arm FVP with Armv9 and RME extension enabled, and TF-A is
"arm_cca" branch (with TF-A v2.5). Thus, in this version, what is the configuration for TZC-400 and GPT? Will it disable TZC-400 (I mean, GPT only) when booting Normal World?
Both TZC-400 (via plat/arm/board/fvp/fvp_security.c) and GPT (via include/plat/arm/common/arm_pas_def.h) are configured on Arm Base FVP. It's necessary to configure the root and realm memory regions as "secure" in the TZC to avoid spurious bus faults in the TZC when RME is enabled.
- Does GPT handle peripheral access (e.g., from DMA, GPU, Sensors...
etc.)? I know TZC-400 will do it with NSAID.
Not in the GPT itself, but all GPT-aware SMMUs can filter on StreamID, which identifies the peripheral.
- Will GPT configures Read/Write/Execute features?
Again, not in the GPT, but this is configured as part of the MMU/SMMU translation table access permissions (which are checked before the GPT).
Regards
Dan
-- TF-A mailing list -- tf-a@lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org