[Uboot-stm32] [PATCH 0/7] arm: cache: cp15: don't map reserved region with no-map property

Ahmad Fatoum a.fatoum at pengutronix.de
Fri Oct 9 19:12:55 CEST 2020


Hello Patrick,

On 10/9/20 5:52 PM, Patrick DELAUNAY wrote:
> I checked DACR behavior and CheckDomain /  CheckPermission
> 
> In my case the cortex A7 try to access to part of DDR / mapped cacheable and bufferable, protected by firewall.
> 
> So to use DACR I always need to configure the MMU with several Domain
> - unsecure part of DDR as Domain 0 (DCACHE_WRITEALLOC)
> - secure part of DDR as  Domain 1 (DCACHE_OFF)
> 
> For other part of MMU region, the I/O registers are mapped as register with Domain 0 (D_CACHE_OFF)
> 
> Then I can set DACR = 0x55555555
> => Client Accesses are checked against the access permission bits in the TLB entry
> 
> You ar right, the access permission is check only for domain configurated as client in DACR
> 
> But in ARM architecture
> 
> B2.4.8 Access permission checking
> 
> CheckPermission() pseudo code
> Only check perms.ap is checked
> And perms.xp is not checked 
> 
> But as the secure memory is mapped cacheable by secure OS, OP-TEE
> I think to avoid to map the region is the ARM preconized solution
> As explain in my answer to ard in [1]
> 
> [1] http://u-boot.10912.n7.nabble.com/PATCH-0-7-arm-cache-cp15-don-t-map-reserved-region-with-no-map-property-tt428715.html#a428958

I don't think the aliasing described in "A3.5.7 Memory access restrictions" applies if the
same memory is mapped twice only, once in secure and another in normal world.
Data is already segregated in the caches by means of a NS bit. Only thing you should need
to do within normal world is mapping it XN, cacheable and not be in manager domain.
Unmapping sounds unnecessary to me. (You don't unmap peripherals you aren't using either.
Why handle OP-TEE DRAM specially?)

Cheers
Ahmad

>  
>> Cheers
>> Ahmad
>>
>> --
>> Pengutronix e.K.                           |                             |
>> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
>> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
>> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


More information about the U-Boot mailing list