From 74f99d24a52117d70f6187045ae529ffcac6b4e7 Mon Sep 17 00:00:00 2001
From: Andrew Thoelke <andrew.thoelke@arm.com>
Date: Thu, 22 May 2014 13:44:47 +0100
Subject: [PATCH] Limit BL3-1 read/write access to SRAM

At present BL3-1 has access to all of the SRAM, including
regions that are mapped as read-only and non-cacheable by other
firmware images.

This patch restricts BL3-1 to only be able to read/write from
memory used for its own data sections

Change-Id: I26cda1b9ba803d91a9eacda768f3ce7032c6db94
---
 plat/fvp/bl31_plat_setup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plat/fvp/bl31_plat_setup.c b/plat/fvp/bl31_plat_setup.c
index 729ca5b28..2e012ba0f 100644
--- a/plat/fvp/bl31_plat_setup.c
+++ b/plat/fvp/bl31_plat_setup.c
@@ -199,8 +199,8 @@ void bl31_plat_arch_setup()
 	plat_cci_setup();
 
 #endif
-	configure_mmu_el3(TZRAM_BASE,
-			  TZRAM_SIZE,
+	configure_mmu_el3(BL31_RO_BASE,
+			  (BL31_COHERENT_RAM_LIMIT - BL31_RO_BASE),
 			  BL31_RO_BASE,
 			  BL31_RO_LIMIT,
 			  BL31_COHERENT_RAM_BASE,
-- 
GitLab