plat-nuvoton: configuration change

[rutigl]

Changes load address of OPTEE-OS from 0x36000000 to 0x02100000
Implements HUK reading from DME PCR0 located in PCI mailbox
Disables DT insecure warning

[jenswi-linaro]

Please rebase this on the upstream master branch to resolve the conflicts.

[rutigl]

Please rebase this on the upstream master branch to resolve the conflicts.

Done

[jforissier]

@rutigl you really need to learn how to use Git, GitHub and write proper commit subjects and descriptions. Otherwise your pull requests will take a long time to get reviewed and merged.

[rutigl]

@rutigl you really need to learn how to use Git, GitHub and write proper commit subjects and descriptions. Otherwise your pull requests will take a long time to get reviewed and merged.

Agree, I have not a big experience in GitHub PRs. Please tell me what to improve in current commits and I'll fix it

[jforissier]

plat-nuvoton: configuration change is doing several things:

• It changes the load address of OP-TEE and the RAM size allocated to it. Why? Not explained in the commit description.
• It moves the shared memory to a different address. Why? Not explained.
• It moves the SDP memory and declares a size for it. Where was the size defined previously? was SDP used or not? does this enable SDP, or does it change its characteristics? Not explained.
• It adds #include <mm/core_memprot.h>. Is this neeed? If so it should be in a separate commit.
• It changes the banner text. That should be in a separate commit.

plat-nuvoton: added HUK reading -> plat-nuvoton: add HUK reading (use imperative mood in commit subject)

I had other comments but you force pushed new commits while I was reviewing so I lost them. As mentioned in the documentation, the preferred way to address comments is to push fixup commits that are squashed in the end. And before squashing/force pushing, write a comment asking if it is OK to do so.

[rutigl]

• Load address of OPTEE-OS was changed because we moved TF-A from SRAM to DRAM, and our new memory map is described in the TF-A code. Do you want me to put the whole new memory map in commit message or in the platform_config.h? Or enough just say the reason of moving in commit message?
• Shared memory also moved because the same reason.
• SDP size wasn't define before, it's a part of new memory map
• memprot.h include is necessary for reading HUK, because it uses phys_to_virt function to access PCI Mailbox memory
• banner text change is not necessary and I removed it
• as for style, I'll immediately change it
  Thank you.

[jforissier]

Comments on "plat-nuvoton: add HUK reading"

[jforissier]

= NULL;

[rutigl]

Done

[jforissier]

= { };

[rutigl]

Done

[jforissier]

Why is this memcpy() needed?

[rutigl]

Agree, could be copied directly from vaddr

[jforissier]

= { };

[rutigl]

Done

[jforissier]

bin[0] is garbage at this point, isn't it? (well it will be 0 if you initialize bin[] properly as requested above, but is this intended?).

[rutigl]

agree, fixed

[jforissier]

"Initialized" sounds like this is something done only once but it isn't the case because tee_otp_get_hw_unique_key() may be called multiple times in case huk_subkey_derive() is called several times. So either this message has to be removed, or the HUK should be made static and computed only once (which might be the better option since it should not change anyways).

[rutigl]

I didn't know, that this function is called several times, so I have changed the logic accordingly.

[jforissier]

The subject of the second "plat-nuvoton: configuration change" commit should be "platf-nuvoton: force CFG_EXTERNAL_DT=n". With that it is:
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

[jforissier]

The subject of the first "plat-nuvoton: configuration change" commit should be more precise:
"plat-nuvoton: change load address, shared memory and SDP memory".
With that:
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

[jenswi-linaro]

It looks like this is ready to be merged.

[jforissier]

It looks like this is ready to be merged.

Indeed!