[PATCH v7 0/9] ATF and OP-TEE Firewalling for K3 devices.

29 Dec 2023


      K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle. 
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/4cead2fb3a19eb5d19005b3f54682627
CICD Run: https://github.com/u-boot/u-boot/pull/442
Signed-off-by: Manorit Chawdhry m-chawdhry@ti.com
---
Changes in v7:
* Andrew
- Update documentation
- Incorporate templating
* Simon
- Change the prefix for -binman.dtsi files
* Jon
- Remove the unintentional dependency on python3.9+
  (https://lore.kernel.org/all/CADL8D3ZWoZpMidBTy+iSs-KOB6+LRAFVcDa-n_fVqvd00Z0...)
- Add another patch to fix templating inclusion log
- Change headings level for secure boot documentation
- Populate 3 priv id slots for the background firewalls that require it
- Link to v6: https://lore.kernel.org/r/20231206-binman-firewalling-v6-0-e7fce13a6dc1@ti.c...
---
Manorit Chawdhry (9):
      dtoc: Change dst to self in debug message
      binman: ti-secure: Add support for firewalling entities
      binman: ftest: Add test for ti-secure firewall node
      arm: dts: k3-binman: Add k3-security.h and include it in k3-binman.dtsi
      arm: dts: k3-j721e-binman: Add firewall configurations
      arm: dts: k3-j721s2-binman: Add firewall configurations
      arm: dts: k3-j7200-binman: Add firewall configurations
      docs: board: ti: k3: Cleanup FIT signature documentation
      docs: board: ti: k3: Add secure booting documentation
arch/arm/dts/k3-binman.dtsi                        |  49 ++++
 arch/arm/dts/k3-j7200-binman.dtsi                  |  90 ++++++
 arch/arm/dts/k3-j721e-binman.dtsi                  | 116 ++++++++
 arch/arm/dts/k3-j721s2-binman.dtsi                 | 123 ++++++++
 arch/arm/dts/k3-security.h                         |  58 ++++
 doc/board/ti/k3.rst                                | 313 ++++++++++++++-------
 tools/binman/btool/openssl.py                      |  16 +-
 tools/binman/etype/ti_secure.py                    |  95 +++++++
 tools/binman/etype/x509_cert.py                    |   4 +-
 tools/binman/ftest.py                              |  23 ++
 tools/binman/test/324_ti_secure_firewall.dts       |  28 ++
 .../325_ti_secure_firewall_missing_property.dts    |  28 ++
 tools/dtoc/fdt.py                                  |   2 +-
 13 files changed, 842 insertions(+), 103 deletions(-)
---
base-commit: 2b28c3b871cd5d55b19f0a86cef970139f8ab952
change-id: 20230724-binman-firewalling-65ecdb23ec0a
Best regards,
-- 
Manorit Chawdhry m-chawdhry@ti.com