You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: appendix_a2.adoc
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -14,9 +14,9 @@ Placing IOPMPs in parallel can seamlessly enhance the support for an increased n
14
14
15
15
====
16
16
17
-
[#APPENDIX_A2_2]
18
17
*A2.2 Cascading IOPMP*
19
18
19
+
[#RRID_TRANSLATION]
20
20
Cascading multiple IOPMPs allows a transaction to traverse through more than one IOPMP. Each time a transaction goes through an IOPMP, it is tagged a new RRID until it reaches the final IOPMP. This new RRID represents that the transaction has been checked by a specific IOPMP. Subsequent IOPMPs could deem the transaction trustworthy and forward it to their initiator port without further checks, or check it in a higher level view, e.g., a subsystem view. An IOPMP with the above feature of tagging a new RRID is referred to as an IOPMP gateway. Its *HWCFG0.rrid_transl_en* should be set to 1, and *HWCFG2.rrid_transl* is used to store the RRID. *HWCFG0.rrid_transl_prog* indicates whether *HWCFG2.rrid_transl* is programmable or not. To lock *rrid_transl*, write 1 to *rrid_transl_prog*, which clears *rrid_transl_prog* and is sticky to 0.
Copy file name to clipboardExpand all lines: chapter3.adoc
+5-5Lines changed: 5 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -105,7 +105,7 @@ The term 'lock' refers to a hardware feature that renders one or more fields or
105
105
==== SRCMD Table Protection
106
106
In Format 0, every *SRCMD_EN(_s_)* register has a bit *l* at bit 0, which is used to lock registers *SRCMD_EN(_s_)*, and *SRCMD_ENH(_s_)* if any.
107
107
108
-
The two fields *MDLCK.md* and *MDLCKH.mdh* have 63 bits together. Every bit is used to lock the association bits with a memory domain in the SRCMD Table. In Format 0, for MD 0 ≤ _m_ ≤ 30, *MDLCK.md[_m_]* locks *SRCMD(_s_).md[_m_]* for all existing RRID _s_. In Format 1, there is no *MDLCK*. In Format 2, SRCMD Table can be prelocked fully or partially based on presets of *MDLCK.md*. For MD 31 ≤ _m_ ≤ 62, one should use *MDLCKH.mdh* to lock corresponding bits.
108
+
The two fields *MDLCK.md* and *MDLCKH.mdh* have 63 bits together. Every bit is used to lock the association bits with a memory domain in the SRCMD Table. In Format 0, for MD 0 ≤ _m_ ≤ 30, *MDLCK.md[_m_]* locks *SRCMD(_s_).md[_m_]* for all existing RRID _s_. In Format 1, there is no *MDLCK*. In Format 2, *MDLCK.md[_m_]* locks both *SRCMD_PERM(_m_)* and *SRCMD_PERMH(_m_)*. For MD 31 ≤ _m_ ≤ 62, one should use *MDLCKH.mdh* to lock corresponding bits.
109
109
110
110
Bit *MDLCK.l* is a sticky to 1 and indicates if *MDLCK* and *MDLCKH* are locked.
111
111
@@ -133,15 +133,15 @@ If *MDCFG(_m_)* is locked for MD _m_, while *MDCFG(_m_-1)* is not locked, it cou
133
133
IOPMP entry protection is also related to the other IOPMP entries belonging to the same memory domain. For a MD, locked entries should be placed in the higher priority. Otherwise, when the secure monitor is compromised, one unlocked entry in higher priority can overwrite all the other locked or non-locked entries in lower priority. A register *ENTRYLCK* is defined to indicate the number of nonprogrammable entries. *ENTRYLCK* register has two fields: *ENTRYLCK.l* and *ENTRYLCK.f*. Any IOPMP entry with index _i_ < *ENTRYLCK.f* is not programmable. *ENTRYLCK.f* is incremental-only. Any smaller value can not be written into it. Besides, *ENTRYLCK.l* is the lock to *ENTRYLCK.f* and itself. If *ENTRYLCK* is hardwired, *ENTRYLCK.l* should be wired to 1.
134
134
135
135
[#SECTION_3_5_4]
136
-
==== Summary of Protection
136
+
==== Summary of Table, Register, and Field Locks
137
137
138
-
The following sections specify the all locks for IOPMP tables, arrays, and registers:
138
+
Almost all programmable tables, registers, and fields have a corresponding lock mechanism that prevents updates until the IOPMP is reset. The following is a summary.
139
139
140
140
* <<#SECTION_3_5_1, SRCMD Table Protection>> - locks for the SRCMD Table.
141
141
* <<#SECTION_3_5_2, MDCFG Table Protection>> - locks for the MDCFG Table.
142
142
* <<#SECTION_3_5_3, Entry Protection>> - locks for the IOPMP entry array.
143
143
* <<#SECTION_2_6, Priority and Matching Logic>> - *HWCFG0.prient_prog* locks *HWCFG2.prio_entry*.
* <<#ERR_CFG, ERR_CFG>> - *ERR_CFG.l* locks *ERR_CFG*, *ERR_MSIADDR*, and *ERR_MSIADDRH*.
147
147
@@ -153,5 +153,5 @@ The registers *MDSTALL*, *MDSTALLH*, *RRIDSCP*, and error record registers do no
153
153
[#SECTION_3_6]
154
154
=== Prelocked Configurations
155
155
Prelocked configurations in the specification mean the fields or registers are locked right after reset. In practice, they could be hardwired and/or implemented by read-only memory. Every lock mechanism in this chapter can be optionally pre-locked.
156
-
The non-zero reset value of *MDCFGLCK.f* reflects the pre-locked *MDCFG(_j_)*, where _j_< *MDCFGLCK.f*. The non-zero reset value of *ENTRYLCK.f* reflects the existing pre-locked entries. *SRCMD_EN(H)* can have prelocked bits fully or partially based on presets of *MDLCK.md* and *SRCMD_EN.l*. Similarly, *SRCMD_PERM(H)* also can have prelocked bits fully or partially based on presets of *MDLCK.md*.
156
+
The non-zero reset value of *MDCFGLCK.f* reflects the pre-locked *MDCFG(_j_)*, where _j_< *MDCFGLCK.f*. The non-zero reset value of *ENTRYLCK.f* reflects the existing pre-locked entries. *SRCMD_EN(H)* can have prelocked bits fully or partially based on presets of *MDLCK.md* and *SRCMD_EN.l*. In Format 2, the SRCMD Table can be prelocked fully or partially based on the presets of *MDLCK.md*.
157
157
The rest of the lock bits can be preset, too. Please refer <<#SECTION_3_5_4, Summary of Protection>> for all lock bits.
0 commit comments