[PATCH 0/2] add support for hs bootflows on am62 devices
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for high security bootflow on am62 devices.
On HS devices, ROM and TIFS will protect the RAM regions with firewalls. This means the wakeup domain's SPL will need to move the stack and heap to HSM RAM to ensure it stays within its allotted memory regions.
Kamlesh Gurudasani (2): arm: mach-k3: am62: move scratch board area to HSM RAM configs: am62: move stack and heap to HSM RAM
arch/arm/mach-k3/include/mach/am62_hardware.h | 3 +-- configs/am62x_evm_r5_defconfig | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-)
From: Kamlesh Gurudasani kamlesh@ti.com
On high security devices, ROM enables firewalls to protect the OCSRAM region access during bootup. Only after TIFS has started (and had time to disable the OCSRAM firewall region) will we have write access to the region.
So, move scratch board area to HSM RAM.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com --- arch/arm/mach-k3/include/mach/am62_hardware.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm/mach-k3/include/mach/am62_hardware.h b/arch/arm/mach-k3/include/mach/am62_hardware.h index 17d3228cba..db4a32cd46 100644 --- a/arch/arm/mach-k3/include/mach/am62_hardware.h +++ b/arch/arm/mach-k3/include/mach/am62_hardware.h @@ -55,7 +55,6 @@
#define ROM_EXTENDED_BOOT_DATA_INFO 0x43c3f1e0
-/* Use Last 2K as Scratch pad */ -#define TI_SRAM_SCRATCH_BOARD_EEPROM_START 0x70000000 +#define TI_SRAM_SCRATCH_BOARD_EEPROM_START 0x43c30000
#endif /* __ASM_ARCH_AM62_HARDWARE_H */
On Thu, Mar 02, 2023 at 07:40:46PM +0530, kamlesh@ti.com wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
On high security devices, ROM enables firewalls to protect the OCSRAM region access during bootup. Only after TIFS has started (and had time to disable the OCSRAM firewall region) will we have write access to the region.
So, move scratch board area to HSM RAM.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com
Applied to u-boot/master, thanks!
From: Kamlesh Gurudasani kamlesh@ti.com
On high security devices, ROM enables firewalls to protect the OCSRAM region access during bootup. Only after TIFS has started (and had time to disable the OCSRAM firewall region) will we have write access to the region.
This means we will need to move the stack & heap from OCSRAM to HSM RAM and reduce the size of BSS and the SPL to allow it to fit properly.
To protect us from overflowing our ~256k of HSM SRAM, add limits and check during the wakeup SPL build.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com --- configs/am62x_evm_r5_defconfig | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/configs/am62x_evm_r5_defconfig b/configs/am62x_evm_r5_defconfig index 4f9ecf2661..44a9130d99 100644 --- a/configs/am62x_evm_r5_defconfig +++ b/configs/am62x_evm_r5_defconfig @@ -8,7 +8,7 @@ CONFIG_NR_DRAM_BANKS=2 CONFIG_SOC_K3_AM625=y CONFIG_TARGET_AM625_R5_EVM=y CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y -CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x7000ffff +CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x43c3a7f0 CONFIG_ENV_SIZE=0x20000 CONFIG_DM_GPIO=y CONFIG_SPL_DM_SPI=y @@ -19,7 +19,9 @@ CONFIG_SPL_MMC=y CONFIG_SPL_SERIAL=y CONFIG_SPL_DRIVERS_MISC=y CONFIG_SPL_STACK_R_ADDR=0x82000000 -CONFIG_SPL_SIZE_LIMIT=0x40000 +CONFIG_SPL_SYS_MALLOC_F_LEN=0x7000 +CONFIG_SPL_SIZE_LIMIT=0x3A7F0 +CONFIG_SPL_SIZE_LIMIT_PROVIDE_STACK=0x3500 CONFIG_SPL_FS_FAT=y CONFIG_SPL_LIBDISK_SUPPORT=y CONFIG_SPL_SPI_FLASH_SUPPORT=y @@ -28,10 +30,14 @@ CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_LOAD_FIT_ADDRESS=0x80080000 CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y # CONFIG_DISPLAY_CPUINFO is not set -CONFIG_SPL_MAX_SIZE=0x58000 +CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y +CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y +CONFIG_SPL_MAX_SIZE=0x3B000 +CONFIG_SPL_PAD_TO=0x0 CONFIG_SPL_HAS_BSS_LINKER_SECTION=y -CONFIG_SPL_BSS_START_ADDR=0x43c37800 -CONFIG_SPL_BSS_MAX_SIZE=0x5000 +CONFIG_SPL_BSS_START_ADDR=0x43c3b000 +CONFIG_SPL_BSS_MAX_SIZE=0x3000 +CONFIG_SPL_SYS_REPORT_STACK_F_USAGE=y CONFIG_SPL_SYS_MALLOC_SIMPLE=y CONFIG_SPL_STACK_R=y CONFIG_SPL_SEPARATE_BSS=y
On Thu, Mar 02, 2023 at 07:40:47PM +0530, kamlesh@ti.com wrote:
From: Kamlesh Gurudasani kamlesh@ti.com
On high security devices, ROM enables firewalls to protect the OCSRAM region access during bootup. Only after TIFS has started (and had time to disable the OCSRAM firewall region) will we have write access to the region.
This means we will need to move the stack & heap from OCSRAM to HSM RAM and reduce the size of BSS and the SPL to allow it to fit properly.
To protect us from overflowing our ~256k of HSM SRAM, add limits and check during the wakeup SPL build.
Signed-off-by: Kamlesh Gurudasani kamlesh@ti.com
Applied to u-boot/master, thanks!
Hi Kamlesh!
On March 2, 2023 thus sayeth kamlesh@ti.com:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for high security bootflow on am62 devices.
On HS devices, ROM and TIFS will protect the RAM regions with firewalls. This means the wakeup domain's SPL will need to move the stack and heap to HSM RAM to ensure it stays within its allotted memory regions.
Kamlesh Gurudasani (2): arm: mach-k3: am62: move scratch board area to HSM RAM configs: am62: move stack and heap to HSM RAM
arch/arm/mach-k3/include/mach/am62_hardware.h | 3 +-- configs/am62x_evm_r5_defconfig | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-)
Thanks for getting this fixed! Does TIFS drop the On Chip SRAM firewall completely once it's started? or only for the r5?
Reviewed-by: Bryan Brattlof bb@ti.com
~Bryan
Bryan Brattlof bb@ti.com writes:
Hi Kamlesh!
On March 2, 2023 thus sayeth kamlesh@ti.com:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for high security bootflow on am62 devices.
On HS devices, ROM and TIFS will protect the RAM regions with firewalls. This means the wakeup domain's SPL will need to move the stack and heap to HSM RAM to ensure it stays within its allotted memory regions.
...
Thanks for getting this fixed! Does TIFS drop the On Chip SRAM firewall completely once it's started? or only for the r5?
It is open completely after TIFS drops it.
It is generic RAM, should be available for use to all cores. Ideally, it should have been opened up by ROM only, then we wouldn't have run in to this issue. (r5 accessing it before TIFS opens it up)
Thanks for the review.
Reviewed-by: Bryan Brattlof bb@ti.com
~Bryan
Bryan Brattlof bb@ti.com writes:
Hi Kamlesh!
On March 2, 2023 thus sayeth kamlesh@ti.com:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for high security bootflow on am62 devices.
On HS devices, ROM and TIFS will protect the RAM regions with firewalls. This means the wakeup domain's SPL will need to move the stack and heap to HSM RAM to ensure it stays within its allotted memory regions.
Kamlesh Gurudasani (2): arm: mach-k3: am62: move scratch board area to HSM RAM configs: am62: move stack and heap to HSM RAM
arch/arm/mach-k3/include/mach/am62_hardware.h | 3 +-- configs/am62x_evm_r5_defconfig | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-)
Thanks for getting this fixed! Does TIFS drop the On Chip SRAM firewall completely once it's started? or only for the r5?
Reviewed-by: Bryan Brattlof bb@ti.com
~Bryan
Hi Tom,
Could you please review and merge this patches as these are bug fixes to get HS devices working.
Thanks.
~Kamlesh
On Thu, Mar 16, 2023 at 04:05:06PM +0530, Kamlesh Gurudasani wrote:
Bryan Brattlof bb@ti.com writes:
Hi Kamlesh!
On March 2, 2023 thus sayeth kamlesh@ti.com:
From: Kamlesh Gurudasani kamlesh@ti.com
Add support for high security bootflow on am62 devices.
On HS devices, ROM and TIFS will protect the RAM regions with firewalls. This means the wakeup domain's SPL will need to move the stack and heap to HSM RAM to ensure it stays within its allotted memory regions.
Kamlesh Gurudasani (2): arm: mach-k3: am62: move scratch board area to HSM RAM configs: am62: move stack and heap to HSM RAM
arch/arm/mach-k3/include/mach/am62_hardware.h | 3 +-- configs/am62x_evm_r5_defconfig | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-)
Thanks for getting this fixed! Does TIFS drop the On Chip SRAM firewall completely once it's started? or only for the r5?
Reviewed-by: Bryan Brattlof bb@ti.com
~Bryan
Hi Tom,
Could you please review and merge this patches as these are bug fixes to get HS devices working.
Is this a regression fix vs v2023.01 or new feature support? Thanks.
Tom Rini trini@konsulko.com writes: ...
Hi Tom,
Could you please review and merge this patches as these are bug fixes to get HS devices working.
Is this a regression fix vs v2023.01 or new feature support? Thanks.
Its regression fix vs 2023.01 for HS devices. Thanks.
~Kamlesh
-- Tom
On Fri, Mar 17, 2023 at 02:21:16PM +0530, Kamlesh Gurudasani wrote:
Tom Rini trini@konsulko.com writes: ...
Hi Tom,
Could you please review and merge this patches as these are bug fixes to get HS devices working.
Is this a regression fix vs v2023.01 or new feature support? Thanks.
Its regression fix vs 2023.01 for HS devices. Thanks.
To be clear, when did HS support work on am62, upstream?
Tom Rini trini@konsulko.com writes:
On Fri, Mar 17, 2023 at 02:21:16PM +0530, Kamlesh Gurudasani wrote:
Tom Rini trini@konsulko.com writes: ...
Hi Tom,
Could you please review and merge this patches as these are bug fixes to get HS devices working.
Is this a regression fix vs v2023.01 or new feature support? Thanks.
Its regression fix vs 2023.01 for HS devices. Thanks.
To be clear, when did HS support work on am62, upstream?
We have three devices GP, HS-FS and HS-SE GP and HS-FS works with same r5 spl config.
With recent changes in system firmware update it broke HS-FS, beacuse firewall condition were overlooked while adding r5-spl config. This series make sure that those firewall conditions are satisfied.
Once HS-FS is working it needs small change in r5-spl config to get HS-SE working. Changes needed for HS-SE to work will be sent in another patch.
~Kamlesh
-- Tom
participants (4)
-
Bryan Brattlof -
Kamlesh Gurudasani -
kamlesh@ti.com
-
Tom Rini