• This section explains how DDR Memory is divided and configured. Since all software components (boot loaders and Linux) needs to have the same settings, we will discuss all the software components in this section.

Description of Areas

Secure Area:

• In order to use Trust Zone and OP-TEE in your system, the secure area must be hidden from Linux. This means early in boot in the ARM Trusted Firmware code (BL2), the memory sections are configure so that non-secure code (u-boot and kernel) cannot access them.
• By default, the BSP allocates 128MB of space at the beginning of DDR Memory. That is why in the Device Tree settings for u-boot and kernel, the starting memory address is not the begging of physical DDR space because we are trying 'hide' this from Linux. In fact, even if the CPU tries to access this area, a hardware fault will occur.

CR7 and CM33 Area:

• The DDR area for the the sub-cores should be mapped below the memory allocated for the Linux kernel.
• The DDR location can be in Secure or non-Secure area.
• The default non-secure physical DDR address for the CR7 is 0x40040000
• The default non-secure physical DDR address for the CM33 is 0x40010000

H.264 Encode/Decode Area:

• The H.264 video codec drivers require dedicated memory. This is allocated in the "mmp_reserved: linux, multimedia" area of the kernel Device Tree.
• The size of this area depends on the resolution of the images being encoded and decoded.

LCD Frame Buffer area

• The LCD Frame buffer require dedicated memory. This is allocated in the "linux,cma" area of the kernel Device Tree.
• The size of this area depends on the resolution of LCD.

DDR Restricted Area (beginning of DDR)

• The first 64 bytes of DDR Address space (0x40000000) are restricted from being used.
• The reason is that the DDR3/DDR4 controller uses these address locations.
• Please do not allocate or use the beginning of the DDR address area.
• Please refer to the SoC Hardware Manuals for more details.

┌───────────────────────────────────────┐0x40000000
│   unused (DDR controller)             │
├───────────────────────────────────────┤0x40010000
│   CM33                                │
├───────────────────────────────────────┤0x43F00000
│   BL31 Secure Monitor (2MB)           │
├───────────────────────────────────────┤0x44100000
│   BL32 (OP-TEE)  (61MB)               │
├───────────────────────────────────────┤0x47E00000
│   unused                              │
├───────────────────────────────────────┤0x48000000
│   BL33 (u-boot) and Linux (1.99GB)    │
└───────────────────────────────────────┘0x80000000

RZ/G2L-LC-UL-V2L BSP load and execution default addresses

⁽¹⁾ Boot partition selected by [179] field (PARTITION CONFIG) of the EXT_CSD register. eMMC / SD sector size = 512bytes

⁽²⁾ Boot parameters are not executed, just copied

⁽³⁾ These addresses are fixed and cannot be configured

⁽⁴⁾ Relocated at the end of the DDR

⁽⁵⁾ For secure boot, actual BL2 code starts at 0x13000, at 0x12000 there's the key certificate and at 0x12400 the code certificate

Cortex-M33 Multi-OS default memory map

How to modify ARM Trusted Firmware

• This section explains how to modify the code for ARM Trusted Firmware.
• Trusted Firmware (BL31) and OP-TEE should reside in the Secure Area. The will allow HW protection from non-secure code such as Linux.
• There is no setting for Total DDR Memory size in the ARM Trusted Firmware. You only configure the size of the secure area and start of unsecure area (not the size of unsecure area)
• Configure the settings in file plat/renesas/rz/common/include/plat_tzc_def.h

Start Address and size of Trusted Firmware (BL31):

/* Trusted Firmware(BL31) secure DRAM 0x43F00000 - 0x440FFFFF */
#define PLAT_FW_TZC_PROT_DRAM1_BASE		(0x43F00000)
#define PLAT_FW_TZC_PROT_DRAM1_SIZE		(0x00200000)

• Configure the settings in file plat/renesas/rz/common/include/platform_def.h

/*******************************************************************************
 * BL31 specific defines.
 ******************************************************************************/
#define BL31_BASE				(0x44000000)
#define BL31_LIMIT				(0x44040000)

Start Address and size of OP-TEE (BL32):

/* OP-TEE secure DRAM 0x44100000 - 0x47DFFFFF */
#define PLAT_TEE_TZC_PROT_DRAM1_BASE	(0x44100000)
#define PLAT_TEE_TZC_PROT_DRAM1_SIZE	(0x03D00000)

/*******************************************************************************
 * BL32 specific defines.
 ******************************************************************************/
#ifndef SPD_none
#define BL32_BASE				(0x44100000)
#define BL32_LIMIT				(BL32_BASE + 0x100000)
#endif

Remove OP-TEE Area (optional)

• If you will not be using OP-TEE at all, you can comment out the code that configures that area in file plat_security.c.

diff --git a/plat/renesas/rz/common/plat_security.c b/plat/renesas/rz/common/plat_security.c
index 4e9c96f81..35a4910c0 100755
--- a/plat/renesas/rz/common/plat_security.c
+++ b/plat/renesas/rz/common/plat_security.c
@@ -115,8 +115,10 @@ static void bl2_security_setup(void)
     const arm_tzc_regions_info_t ddr_tzc_regions[] = {
         {PLAT_FW_TZC_PROT_DRAM1_BASE, PLAT_FW_TZC_PROT_DRAM1_END,
             TZC_REGION_S_RDWR, PLAT_TZC_REGION_ACCESS_S_UNPRIV},
+#if 0
         {PLAT_TEE_TZC_PROT_DRAM1_BASE, PLAT_TEE_TZC_PROT_DRAM1_END,
             TZC_REGION_S_RDWR,  PLAT_TZC_REGION_ACCESS_S_UNPRIV},
+#endif
         {}
     };

How to modify u-boot

• This section explains how to modify the code for u-boot.
• U-boot uses a Device Tree file to configure the memory size. There is a 'memory' node that configures the start address and size of DDR memory to use.
• For example:

	memory@48000000 {
 		device_type = "memory";
		/* first 128MB is reserved for secure area. */
		reg = <0 0x48000000 0 0x78000000>;
 	};

• ⚠ The 'memory' node in the Device Tree of u-boot is used for u-boot and is also used for the kernel Device Tree. When u-boot boots the kernel, it automatically overwrites the value in the kernel's Device Tree. This means that what you put in the kernel memory node in the kernel Device Tree will have no effect.
• There is also a define DRAM_RSV_SIZE that needs to be modified. This will be in the config file for your board. Set it to the size of your secure area that will be hidden from u-boot and Linux.
• For example, for the RZ/G2L SMARC board, that is file include/configs/smarc-rzg2l.h

#define DRAM_RSV_SIZE			0x08000000 /* 128MB by default */

How to modify kernel

• This section explains how to modify the code for the Linux.
• You should only need to modify the Device Tree files
• ⚠ Note that modifying memory node in the kernel device tree has no effect. The reason is that before boot, u-boot will overwrite the values in the kernel device tree. This means it is important that you set the device tree in u-boot to the setting you want the kernel to have. However, the other settings such as "linux,cma" and "linux,multimedia" are only set in the kernel device tree.

memory Node

• Defines the total memory for the Linux System
• Should match what you put in u-boot Device Tree
• Has no effect (overwritten by u-boot before boot)

	memory@48000000 {
		device_type = "memory";
		/* first 128MB is reserved for secure area. */
		reg = <0x0 0x48000000 0x0 0x78000000>;
	};

linux,cma Node

• CMA stands for "Contiguous Memory Allocator".
• Allows allocation of big, physically-contiguous memory blocks used for things like DMA transfers, GPU buffers or LCD Frame Buffer.
• CMA works by reserving a large memory area at boot time and immediately giving back the memory to the kernel memory subsystem with the constraint that memory can only be handed out either for CMA use or for movable pages. Basically this means this area can be used for small memory blocks (movable pages, like what the MMU uses for user application space), but if a big CMA request comes along, those small blocks get moved to prevent fragmentation so large contiguous blocks can be handed out.
• Depending on the size (resolution) of your LCD, or how much GPU graphics work you are doing, you may need increase this size (or decrease if not using).
• Since this is a general area used by all kernel drivers, if you are transferring a lot of data over a network (Ethernet) or USB, you might need to increase this area to have enough buffer area.

	reserved-memory {
		#address-cells = <2>;
		#size-cells = <2>;
		ranges;

		reserved: linux,cma@58000000 {
			compatible = "shared-dma-pool";
			linux,cma-default;
			reusable;
			reg = <0x0 0x58000000 0x0 0x10000000>;
		};
	};

linux,multimedia Node

• This area is used for H.264 encode or decode.
• Depending on the resolution of your frames, you many need to increase or decrease this area.

	reserved-memory {
		#address-cells = <2>;
		#size-cells = <2>;
		ranges;

		mmp_reserved: linux,multimedia {
			compatible = "shared-dma-pool";
			reusable;
			reg = <0x00000000 0x68000000 0x0 0x8000000>;
		};
	};

Examples

Reduce reserved area for RZ/G2L SMARC board

• If you are not evaluating security (OP-TEE) or sub-core (CM33), you can reduce the reserved area from 128MB to 2MB.
• The Linux kernel must be aligned on a 2MB address boundary, so that is our minimum reserved area size.
• Move BL31 0x43F00000 >> 0x40001000
• Reduce BL31 size 0x200000 >> 0xFE000
• Move BL32 (OP-TEE) 0x44100000 >> 0x400FF000
• Reduce BL32 (OP-TEE) size 0x100000 >> 0x1000 (too small to be used)
• Move u-boot and kernel 0x48000000 >> 40200000 (skip beginning of 2MB of DDR) and increase size by 126MB
• Expand below to show what files need to be modified.

-/* Trusted Firmware(BL31) secure DRAM 0x43F00000 - 0x440FFFFF */
-#define PLAT_FW_TZC_PROT_DRAM1_BASE            (0x43F00000)
-#define PLAT_FW_TZC_PROT_DRAM1_SIZE            (0x00200000)
+/* Trusted Firmware(BL31) secure DRAM 0x40001000 - 0x400FEFFF */
+#define PLAT_FW_TZC_PROT_DRAM1_BASE            (0x40001000)
+#define PLAT_FW_TZC_PROT_DRAM1_SIZE            (0x000FE000)

-/* OP-TEE secure DRAM 0x44100000 - 0x47DFFFFF */
-#define PLAT_TEE_TZC_PROT_DRAM1_BASE   (0x44100000)
-#define PLAT_TEE_TZC_PROT_DRAM1_SIZE   (0x03D00000)
+/* OP-TEE secure DRAM 0x400FF000 - 0x400FFFFF */
+#define PLAT_TEE_TZC_PROT_DRAM1_BASE   (0x400FF000)
+#define PLAT_TEE_TZC_PROT_DRAM1_SIZE   (0x00001000)

-#define BL31_BASE                              (0x44000000)
-#define BL31_LIMIT                             (0x44040000)
+#define BL31_BASE                              (0x40001000)
+#define BL31_LIMIT                             (BL31_BASE + 0xFE000)

-#define BL32_BASE                              (0x44100000)
-#define BL32_LIMIT                             (BL32_BASE + 0x100000)
+#define BL32_BASE                              (0x400FF000)
+#define BL32_LIMIT                             (BL32_BASE + 0x1000)

 /*******************************************************************************
  * BL33
  ******************************************************************************/
-#define BL33_BASE                (0x50000000)
+#define BL33_BASE                (0x42000000)
 #define BL33_LIMIT                (BL33_BASE + 0x08000000)

-#define DRAM_RSV_SIZE			0x08000000
+#define DRAM_RSV_SIZE			0x00200000

        memory@40200000 {
                device_type = "memory";
                /* first 2MB is reserved */
                reg = <0x0 0x40200000 0x0 0x7FE00000>;
        };

        memory@40200000 {
                device_type = "memory";
                /* first 2MB is reserved */
                reg = <0x0 0x40200000 0x0 0x7FE00000>;
        };

=> set sd_boot1 'mmc dev 1 ; fatload mmc 1:1 0x40280000 Image ; fatload mmc 1:1 0x40200000 /r9a07g044l2-smarc.dtb'
=> set sd_boot2 'setenv bootargs root=/dev/mmcblk1p2 rootwait ; booti 0x40280000 - 0x40200000'
=> saveenv

Reduce reserved area for RZ/G2E EK874 board

• If you are not evaluating security (OP-TEE) or sub-core (CR7), you can reduce the reserved area from 128MB to 32MB.
• The Linux kernel must be aligned on a 2MB address boundary, so that is our minimum reserved area size.
• Expand below to show what files need to be modified.

-#define RCAR_SDRAM_certESS		(0x43F00000U)
+#define RCAR_SDRAM_certESS		(0x40F00000U)

-#define RCAR_BL31_LOG_BASE	(0x44040000)
+#define RCAR_BL31_LOG_BASE	(0x41040000)

-#define BL32_BASE		U(0x44100000)
+#define BL32_BASE		U(0x41100000)

-#define BL33_BASE		DRAM1_NS_BASE
+#define BL33_BASE		U(0x50000000)//(hard code u-boot address) it was DRAM1_NS_BASE

-#define RCAR_TRUSTED_SRAM_BASE		0x44000000
+#define RCAR_TRUSTED_SRAM_BASE		0x41000000

-#define DRAM1_NS_BASE			(DRAM1_BASE + U(0x10000000))
+#define DRAM1_NS_BASE			(DRAM1_BASE + U(0x02000000))

-#define DRAM_PROTECTED_BASE		ULL(0x43F00000)
+#define DRAM_PROTECTED_BASE		ULL(0x40F00000) //(images have to be loaded inside this area)

-#define DRAM_PROTECTED_SIZE		ULL(0x03F00000)
+#define DRAM_PROTECTED_SIZE		ULL(0x01100000)

-#define RCAR_BL31_CRASH_BASE		U(0x4403F000)
+#define RCAR_BL31_CRASH_BASE		U(0x4103F000)

-			start = 0x48000000U;
-			size -= 0x8000000U;
+			start = 0x42000000U;
+			size -= 0x2000000U;

-#define RCAR_BL31DST_ADDRESS		(0x44000000U)
+#define RCAR_BL31DST_ADDRESS		(0x41000000U)

-#define RCAR_BL32DST_ADDRESS		(0x44100000U)
+#define RCAR_BL32DST_ADDRESS		(0x41100000U)

-#define DRAM_RSV_SIZE			0x08000000
+#define DRAM_RSV_SIZE			0x02000000

-	memory@48000000 {
+	memory@42000000 {
 		device_type = "memory";
-		/* first 128MB is reserved for secure area. */
-		reg = <0x0 0x48000000 0x0 0x78000000>;
+		/* first 32MB is reserved for secure area. */
+		reg = <0x0 0x42000000 0x0 0x7E000000>;
 	};

        memory@42000000 {
                device_type = "memory";
                /* first 32MB is reserved for secure area. */
                reg = <0x0 0x42000000 0x0 0x7E000000>;
        };

=> set sd_boot1 'mmc dev 1 ; fatload mmc 1:1 0x42080000 Image-ek874.bin ; fatload mmc 1:1 0x42000000 /Image-r8a774c0-es10-ek874.dtb'
=> set sd_boot2 'setenv bootargs root=/dev/mmcblk1p2 rootwait ; booti 0x42080000 - 0x42000000'
=> saveenv