Re: [PATCH v6 5/8] binman: j721s2: Add firewall configurations
Hi Simon, On 09:50-20231226, Simon Glass wrote: > Hi Manorit, > > On Wed, Dec 6, 2023 at 9:51 AM Manorit Chawdhry wrote: > > > > The following commits adds the configuration of firewalls required to > > protect ATF and OP-TEE memory region from non-secure reads and > > writes using master and slave firewalls present in our K3 SOCs. > > > > Signed-off-by: Manorit Chawdhry > > --- > > arch/arm/dts/k3-j721s2-binman.dtsi | 217 > > + > > 1 file changed, 217 insertions(+) > > > > Just a minor point, but could you please reserve the 'binman' tag for > patches in tools/binman ? Sure, would do the needful! Thanks and regards, Manorit > > Thanks, > Simon
Re: [PATCH v6 5/8] binman: j721s2: Add firewall configurations
Hi Manorit, On Wed, Dec 6, 2023 at 9:51 AM Manorit Chawdhry wrote: > > The following commits adds the configuration of firewalls required to > protect ATF and OP-TEE memory region from non-secure reads and > writes using master and slave firewalls present in our K3 SOCs. > > Signed-off-by: Manorit Chawdhry > --- > arch/arm/dts/k3-j721s2-binman.dtsi | 217 > + > 1 file changed, 217 insertions(+) > Just a minor point, but could you please reserve the 'binman' tag for patches in tools/binman ? Thanks, Simon
[PATCH v6 5/8] binman: j721s2: Add firewall configurations
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry
---
arch/arm/dts/k3-j721s2-binman.dtsi | 217 +
1 file changed, 217 insertions(+)
diff --git a/arch/arm/dts/k3-j721s2-binman.dtsi
b/arch/arm/dts/k3-j721s2-binman.dtsi
index 3922007b3b7a..72d54635f4e1 100644
--- a/arch/arm/dts/k3-j721s2-binman.dtsi
+++ b/arch/arm/dts/k3-j721s2-binman.dtsi
@@ -159,6 +159,223 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-257-0 {
+ /* cpu_0_cpu_0_msmc
Background Firewall */
+ id = <257>;
+ region = <0>;
+ control = <(FWCTRL_EN |
FWCTRL_LOCK |
+
FWCTRL_BG | FWCTRL_CACHE)>;
+ permissions =
<((FWPRIVID_ALL << FWPRIVID_SHIFT) |
+
FWPERM_SECURE_PRIV_RWCD |
+
FWPERM_SECURE_USER_RWCD |
+
FWPERM_NON_SECURE_PRIV_RWCD |
+
FWPERM_NON_SECURE_USER_RWCD)>;
+ start_address = <0x0
0x0>;
+ end_address = <0xff
0x>;
+ };
+
+ firewall-257-1 {
+ /* cpu_0_cpu_0_msmc
Foreground Firewall */
+ id = <257>;
+ region = <1>;
+ control = <(FWCTRL_EN |
FWCTRL_LOCK |
+
FWCTRL_CACHE)>;
+ permissions =
<((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
+
FWPERM_SECURE_PRIV_RWCD |
+
FWPERM_SECURE_USER_RWCD)>;
+ start_address = <0x0
0x7000>;
+ end_address = <0x0
0x7001>;
+ };
+
+ firewall-284-0 {
+ /* dru_0_msmc
Background Firewall */
+ id = <284>;
+ region = <0>;
+ control = <(FWCTRL_EN |
FWCTRL_LOCK |
+
FWCTRL_BG | FWCTRL_CACHE)>;
+ permissions =
<((FWPRIVID_ALL << FWPRIVID_SHIFT) |
+
FWPERM_SECURE_PRIV_RWCD |
+
FWPERM_SECURE_USER_RWCD |
+
FWPERM_NON_SECURE_PRIV_RWCD |
+
FWPERM_NON_SECURE_USER_RWCD)>;
+ start_address = <0x0
0x0>;
+ end_address = <0xff
0x>;
+ };
+
+ firewall-284-1 {
+ /* dru_0_msmc
Foreground Firewall */
+ id = <284>;
+ region = <1>;
+ control = <(FWCTRL_EN |
FWCTRL_LOCK |
+
FWCTRL_CACHE)>;
+
