diff options
| -rw-r--r-- | include/plat/arm/css/common/css_def.h | 18 | ||||
| -rw-r--r-- | plat/arm/css/drivers/scp/css_bom_bootloader.c | 13 |
2 files changed, 25 insertions, 6 deletions
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h index 0b74cede..9d025f66 100644 --- a/include/plat/arm/css/common/css_def.h +++ b/include/plat/arm/css/common/css_def.h @@ -128,16 +128,22 @@ * an SCP_BL2/SCP_BL2U image. */ #if CSS_LOAD_SCP_IMAGES + +#if ARM_BL31_IN_DRAM +#error "SCP_BL2 is not expected to be loaded by BL2 for ARM_BL31_IN_DRAM config" +#endif + /* * Load address of SCP_BL2 in CSS platform ports - * SCP_BL2 is loaded to the same place as BL31. Once SCP_BL2 is transferred to the - * SCP, it is discarded and BL31 is loaded over the top. + * SCP_BL2 is loaded to the same place as BL31 but it shouldn't overwrite BL1 + * rw data. Once SCP_BL2 is transferred to the SCP, it is discarded and BL31 + * is loaded over the top. */ -#define SCP_BL2_BASE BL31_BASE -#define SCP_BL2_LIMIT (SCP_BL2_BASE + PLAT_CSS_MAX_SCP_BL2_SIZE) +#define SCP_BL2_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2_SIZE) +#define SCP_BL2_LIMIT BL1_RW_BASE -#define SCP_BL2U_BASE BL31_BASE -#define SCP_BL2U_LIMIT (SCP_BL2U_BASE + PLAT_CSS_MAX_SCP_BL2U_SIZE) +#define SCP_BL2U_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2U_SIZE) +#define SCP_BL2U_LIMIT BL1_RW_BASE #endif /* CSS_LOAD_SCP_IMAGES */ /* Load address of Non-Secure Image for CSS platform ports */ diff --git a/plat/arm/css/drivers/scp/css_bom_bootloader.c b/plat/arm/css/drivers/scp/css_bom_bootloader.c index e4a44fe6..047e0696 100644 --- a/plat/arm/css/drivers/scp/css_bom_bootloader.c +++ b/plat/arm/css/drivers/scp/css_bom_bootloader.c @@ -6,6 +6,7 @@ #include <arch_helpers.h> #include <assert.h> +#include <cassert.h> #include <css_def.h> #include <debug.h> #include <platform.h> @@ -44,6 +45,18 @@ typedef struct { uint32_t block_size; } cmd_data_payload_t; +/* + * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above + * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is + * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor + * BL2/BL2U. + */ +CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_overwrite_bl1); +CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_overwrite_bl1); + +CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2); +CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u); + static void scp_boot_message_start(void) { mhu_secure_message_start(BOM_MHU_SLOT_ID); |