Secure vs Non-secure addresses
- Certain devices are reachable at different addresses depending on whether the access is ���secure��� or ���non-secure���
- Need to express multiple addresses in Device Tree and System Device Tree for each device node
- Introducing ���secure-reg��� vs.��extending ���reg���
- Impact on ���simple-bus��� and its ranges property
- Impact on the CPU clusters��� ���address-map���
#address-cells = <0x1>;
#size-cells = <0x1>;
cpus-cluster@0 {
compatible = "cpus,cluster";
#address-cells = <0x1>;
#size-cells = <0x1>;
address-map = <0xff110000 &amba 0xff110000 0x1000>;
};
amba {
compatible = "simple-bus";
#address-cells = <0x1>;
#size-cells = <0x1>;
ranges = <0xff110000 0xff110000 0x1000;
timer0: timer@ff110000 {
compatible = "cdns,ttc";
status = "okay";
reg = <0xff110000 0x1000>;
};
};
Introducing ���secure-bus��� and extending ���regs���
- Introducing a new type of bus: ���secure-bus���
- first cell in ���regs��� specifies the execution mode
- #address-cells = <0x2>
- 0x0: non-secure
- 0x1: secure
amba {
compatible = "secure-bus";
#address-cells = <0x2>;
#size-cells = <0x1>;
timer0: timer@ff110000 {
compatible = "cdns,ttc";
status = "okay";
/* non-secure addresses */
reg = <0x0 0xff110000 0x1000
/* secure addresses */
0x1 0xc0110000 0x1000>;
};
Introducing ���secure-bus��� and extending ���regs���
- Introducing a new type of bus: ���secure-bus���
- first cell in ���regs��� specifies the execution mode
- secure-bus ranges property maps both secure and non-secure addresses
- #address-cells = <0x2>
- first cell in ���ranges��� specifies the execution mode
- 0x0: non-secure
- 0x1: secure
- how to distinguish between #address-cells = <0x2> to specify 64-bit addresses vs first cells to specify secure/non-secure?
#address-cells = <0x1>;
#size-cells = <0x1>;
amba {
compatible = "secure-bus";
#address-cells = <0x2>;
#size-cells = <0x1>;
/* non-secure mapping */
ranges = <0x0 0xff110000 0xff110000 0x1000
/* secure mapping */
0x1 0xc0110000 0xc0110000 0x1000>;
timer0: timer@ff110000 {
compatible = "cdns,ttc";
status = "okay";
/* non-secure addresses */
reg = <0x0 0xff110000 0x1000
/* secure addresses */
0x1 0xc0110000 0x1000>
};
���secure-address-map��� or extending ���address-map���
- Introducing ���secure-address-map��� to express CPU clusters mappings of secure addresses
- Alternatively, the first cell of ���address-map��� could be used to express the execution mode
#address-cells = <0x1>;
#size-cells = <0x1>;
cpus-cluster@0 {
compatible = "cpus,cluster";
#address-cells = <0x2>;
#size-cells = <0x1>;
/* traditional address-map property here as a reference */
address-map = <0xff110000 &amba 0xff110000 0x1000>;
/* secure-address-map specifies the CPU cluster's mapping of secure addresses */
secure-address-map = <0xc0110000 &amba 0xc0110000 0x1000>;
/* extending address-map with a secure/non-secure execution mode cell */
address-map = <0x0 0xff110000 &amba 0xff110000 0x1000
0x1 0xc0110000 &amba 0xc0110000 0x1000>;
};
amba {
compatible = "secure-bus";
#address-cells = <0x2>;
#size-cells = <0x1>;
/* non-secure mapping */
ranges = <0x0 0xff110000 0xff110000 0x1000
/* secure mapping */
0x1 0xc0110000 0xc0110000 0x1000>;
timer0: timer@ff110000 {
compatible = "cdns,ttc";
status = "okay";
/* non-secure addresses */
reg = <0x0 0xff110000 0x1000
/* secure addresses */
0x1 0xc0110000 0x1000>
};
Execution Domains
- Execution domains are unaffected as they already had a property to specify the execution mode
- 3rd cell of the ���cpus��� property
domains {
domains {
zephyr@0 {
compatible = "openamp,domain-v1";
/* execution mode: secure */
cpus = <&cpus_r5 0x2 0x80000000>;
#access-flags-cells = <1>;
/* timer0 resolves to address 0xc0110000 */
access = <&timer0 0x0>;
};
linux@1 {
compatible = "openamp,domain-v1";
/* execution mode: non-secure EL1 */
cpus = <&cpus_a72 0x2 0x00000001>;
#access-flags-cells = <1>;
/* timer0 resolves to address 0xff110000 */
access = <&timer0 0x0>;
};
};
};
Full Example
#address-cells = <0x1>;
#size-cells = <0x1>;
cpus-cluster@0 {
compatible = "cpus,cluster";
#address-cells = <0x2>;
#size-cells = <0x1>;
/* extending address-map with a secure/non-secure execution mode cell */
address-map = <0x0 0xff110000 &amba 0xff110000 0x1000
0x1 0xc0110000 &amba 0xc0110000 0x1000>;
};
amba {
compatible = "secure-bus";
#address-cells = <0x2>;
#size-cells = <0x1>;
/* non-secure mapping */
ranges = <0x0 0xff110000 0xff110000 0x1000
/* secure mapping */
0x1 0xc0110000 0xc0110000 0x1000>;
timer0: timer@ff110000 {
compatible = "cdns,ttc";
status = "okay";
/* non-secure addresses */
reg = <0x0 0xff110000 0x1000
/* secure addresses */
0x1 0xc0110000 0x1000>
};
};
domains {
zephyr@0 {
compatible = "openamp,domain-v1";
/* execution mode: secure */
cpus = <&cpus_r5 0x2 0x80000000>;
#access-flags-cells = <1>;
/* timer0 resolves to address 0xc0110000 */
access = <&timer0 0x0>;
};
linux@1 {
compatible = "openamp,domain-v1";
/* execution mode: non-secure EL1 */
cpus = <&cpus_a72 0x2 0x00000001>;
#access-flags-cells = <1>;
/* timer0 resolves to address 0xff110000 */
access = <&timer0 0x0>;
};
};