diff --git a/docs/firmware-design.md b/docs/firmware-design.md index 8c635a9..a40ddac 100644 --- a/docs/firmware-design.md +++ b/docs/firmware-design.md @@ -207,15 +207,17 @@ #### Platform initialization -BL2 does not perform any platform initialization that affects subsequent -stages of the ARM Trusted Firmware or normal world software. It copies the -information regarding the trusted SRAM populated by BL1 using a +BL2 copies the information regarding the trusted SRAM populated by BL1 using a platform-specific mechanism. It calculates the limits of DRAM (main memory) to determine whether there is enough space to load the BL3-3 image. A platform defined base address is used to specify the load address for the BL3-1 image. It also defines the extents of memory available for use by the BL3-2 image. BL2 also initializes UART0 (PL011 console), which enables access to the -`printf` family of functions in BL2 +`printf` family of functions in BL2. Platform security is initialized to allow +access to access controlled components. On the Base FVP a TrustZone controller +(TZC-400) is configured to give full access to the platform DRAM. The storage +abstraction layer is initialized which is used to load further bootloader +images. #### BL3-1 (EL3 Runtime Firmware) image load diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 868eb33..8a024d8 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -630,6 +630,10 @@ this function. This information is accessible in the `bl33_meminfo` field in the `bl31_args` structure pointed to by `bl2_to_bl31_args`. +Platform security components are configured if required. For the Base FVP the +TZC-400 TrustZone controller is configured to grant secure and non-secure access +to DRAM. + This function is also responsible for initializing the storage abstraction layer which is used to load further bootloader images. diff --git a/docs/user-guide.md b/docs/user-guide.md index 39d09c1..1bb0fe9 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -532,9 +532,15 @@ Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware" section above). +NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on +FVP versions 5.4 and newer. Setting this parameter to `0` is also supported. +The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to +provide some helpful information if a secure memory violation occurs. + /FVP_Base_AEMv8A-AEMv8A \ -C pctl.startup=0.0.0.0 \ - -C bp.secure_memory=0 \ + -C bp.secure_memory=1 \ + -C bp.tzc_400.diagnostics=1 \ -C cluster0.NUM_CORES=4 \ -C cluster1.NUM_CORES=4 \ -C cache_state_modelled=1 \ @@ -560,9 +566,15 @@ Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware" section above). +NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on +FVP versions 5.4 and newer. Setting this parameter to `0` is also supported. +The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to +provide some helpful information if a secure memory violation occurs. + /FVP_Base_Cortex-A57x4-A53x4 \ -C pctl.startup=0.0.0.0 \ - -C bp.secure_memory=0 \ + -C bp.secure_memory=1 \ + -C bp.tzc_400.diagnostics=1 \ -C cache_state_modelled=1 \ -C bp.pl011_uart0.untimed_fifos=1 \ -C bp.secureflashloader.fname="/" \