On 12/6/23 3:51 AM, Manorit Chawdhry wrote:
The following commits adds the configuration of firewalls required to protect ATF and OP-TEE memory region from non-secure reads and writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry m-chawdhry@ti.com
arch/arm/dts/k3-j721e-binman.dtsi | 196 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 196 insertions(+)
diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi index 5ddb474e3a41..f428aa81a6c1 100644 --- a/arch/arm/dts/k3-j721e-binman.dtsi +++ b/arch/arm/dts/k3-j721e-binman.dtsi @@ -146,6 +146,202 @@
fit { images {
atf {ti-secure {auth-in-place = <0xa02>;firewall-257-0 {/* cpu_0_cpu_0_msmc Background Firewall */id = <257>;region = <0>;control = <(FWCTRL_EN | FWCTRL_LOCK |FWCTRL_BG | FWCTRL_CACHE)>;permissions = <((FWPRIVID_ALL << FWPRIVID_SHIFT) |FWPERM_SECURE_PRIV_RWCD |FWPERM_SECURE_USER_RWCD |FWPERM_NON_SECURE_PRIV_RWCD |FWPERM_NON_SECURE_USER_RWCD)>;start_address = <0x0 0x0>;end_address = <0xff 0xffffffff>;};firewall-257-1 {/* cpu_0_cpu_0_msmc Foreground Firewall */id = <257>;region = <1>;control = <(FWCTRL_EN | FWCTRL_LOCK |FWCTRL_CACHE)>;permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |FWPERM_SECURE_PRIV_RWCD |FWPERM_SECURE_USER_RWCD)>;start_address = <0x0 0x70000000>;
7 levels of indentation, impressive :)
This start address should always match CONFIG_K3_ATF_LOAD_ADDR, any way you can just use that here?
Also this seems like a lot to add for each SoC, and much of it looks similar (at least for Jacinto class devices), could be an opportunity for templating.
Andrew
end_address = <0x0 0x7001ffff>;};