K3 devices have firewalls that are used to prevent illegal accesses to memory regions that are deemed secure. The series prevents the illegal accesses to ATF and OP-TEE regions that are present in different K3 devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall configurations that our System Controller (TIFS) needs to handle. The devices that are not configured with the firewalling nodes will not be affected and can continue to work fine until the firewall nodes are added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/c929e6ccab03f55b3828896fbd04184b CICD Run: https://github.com/u-boot/u-boot/pull/442
Signed-off-by: Manorit Chawdhry m-chawdhry@ti.com --- Changes in v6: - Rebase on -next - Link to v5: https://lore.kernel.org/r/20231113-binman-firewalling-v5-0-b3ba6f839606@ti.c...
--- Manorit Chawdhry (8): binman: ti-secure: Add support for firewalling entities binman: ftest: Add test for ti-secure firewall node binman: k3: Add k3-security.h and include it in k3-binman.dtsi binman: j721e: Add firewall configurations binman: j721s2: Add firewall configurations binman: j7200: Add firewall configurations docs: k3: Cleanup FIT signature documentation docs: k3: Add secure booting documentation
arch/arm/dts/k3-binman.dtsi | 2 + arch/arm/dts/k3-j7200-binman.dtsi | 152 ++++++++++ arch/arm/dts/k3-j721e-binman.dtsi | 196 +++++++++++++ arch/arm/dts/k3-j721s2-binman.dtsi | 217 ++++++++++++++ arch/arm/dts/k3-security.h | 58 ++++ doc/board/ti/k3.rst | 315 ++++++++++++++------- tools/binman/btool/openssl.py | 16 +- tools/binman/etype/ti_secure.py | 95 +++++++ tools/binman/etype/x509_cert.py | 4 +- tools/binman/ftest.py | 23 ++ tools/binman/test/324_ti_secure_firewall.dts | 28 ++ .../325_ti_secure_firewall_missing_property.dts | 28 ++ 12 files changed, 1032 insertions(+), 102 deletions(-) --- base-commit: d379150621a5dbe7929b43d184cb51bb8c3ec4cb change-id: 20230724-binman-firewalling-65ecdb23ec0a
Best regards,