diff options
| author | Soby Mathew <soby.mathew@arm.com> | 2016-04-04 12:34:24 +0100 |
|---|---|---|
| committer | Soby Mathew <soby.mathew@arm.com> | 2016-04-07 16:30:45 +0100 |
| commit | 99e58f9e6943caeee72b3106c2c8a1cc3cdc7bf5 (patch) | |
| tree | d99ce13a2891a11bb714e43349ff4319f85c9a21 | |
| parent | 61dbb0285f478dcc0be5eb8c86291e203c9c80c2 (diff) | |
Enable SCR_EL3.SIF bit
This patch enables the SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and
BL31 common architectural setup code. When in secure state, this disables
instruction fetches from Non-secure memory.
NOTE: THIS COULD BREAK PLATFORMS THAT HAVE SECURE WORLD CODE EXECUTING FROM
NON-SECURE MEMORY, BUT THIS IS CONSIDERED UNLIKELY AND IS A SERIOUS SECURITY
RISK.
Fixes ARM-Software/tf-issues#372
Change-Id: I684e84b8d523c3b246e9a5fabfa085b6405df319
| -rw-r--r-- | docs/firmware-design.md | 4 | ||||
| -rw-r--r-- | include/common/el3_common_macros.S | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/docs/firmware-design.md b/docs/firmware-design.md index fe3c3f03..87bdb884 100644 --- a/docs/firmware-design.md +++ b/docs/firmware-design.md @@ -176,7 +176,9 @@ BL1 performs minimal architectural initialization as follows. - `SCR_EL3`. The register width of the next lower exception level is set to AArch64 by setting the `SCR.RW` bit. The `SCR.EA` bit is set to trap - both External Aborts and SError Interrupts in EL3. + both External Aborts and SError Interrupts in EL3. The `SCR.SIF` bit is + also set to disable instruction fetches from Non-secure memory when in + secure state. - `CPTR_EL3`. Accesses to the `CPACR_EL1` register from EL1 or EL2, or the `CPTR_EL2` register from EL2 are configured to not trap to EL3 by diff --git a/include/common/el3_common_macros.S b/include/common/el3_common_macros.S index ba80d95d..9b22a734 100644 --- a/include/common/el3_common_macros.S +++ b/include/common/el3_common_macros.S @@ -70,11 +70,12 @@ isb /* --------------------------------------------------------------------- - * Early set RES1 bits in SCR_EL3. Set EA bit as well to catch both - * External Aborts and SError Interrupts in EL3. + * Early set RES1 bits in SCR_EL3. Set EA bit to catch both + * External Aborts and SError Interrupts in EL3 and also the SIF bit + * to disable instruction fetches from Non-secure memory. * --------------------------------------------------------------------- */ - mov x0, #(SCR_RES1_BITS | SCR_EA_BIT) + mov x0, #(SCR_RES1_BITS | SCR_EA_BIT | SCR_SIF_BIT) msr scr_el3, x0 /* --------------------------------------------------------------------- * Enable External Aborts and SError Interrupts now that the exception |