Re: [PATCH v6 5/8] binman: j721s2: Add firewall configurations
Hi Simon, On 09:50-20231226, Simon Glass wrote: > Hi Manorit, > > On Wed, Dec 6, 2023 at 9:51 AM Manorit Chawdhry wrote: > > > > The following commits adds the configuration of firewalls required to > > protect ATF and OP-TEE memory region from non-secure reads and > > writes using master and slave firewalls present in our K3 SOCs. > > > > Signed-off-by: Manorit Chawdhry > > --- > > arch/arm/dts/k3-j721s2-binman.dtsi | 217 > > + > > 1 file changed, 217 insertions(+) > > > > Just a minor point, but could you please reserve the 'binman' tag for > patches in tools/binman ? Sure, would do the needful! Thanks and regards, Manorit > > Thanks, > Simon
Re: [PATCH v6 5/8] binman: j721s2: Add firewall configurations
Hi Manorit, On Wed, Dec 6, 2023 at 9:51 AM Manorit Chawdhry wrote: > > The following commits adds the configuration of firewalls required to > protect ATF and OP-TEE memory region from non-secure reads and > writes using master and slave firewalls present in our K3 SOCs. > > Signed-off-by: Manorit Chawdhry > --- > arch/arm/dts/k3-j721s2-binman.dtsi | 217 > + > 1 file changed, 217 insertions(+) > Just a minor point, but could you please reserve the 'binman' tag for patches in tools/binman ? Thanks, Simon
[PATCH v6 5/8] binman: j721s2: Add firewall configurations
The following commits adds the configuration of firewalls required to protect ATF and OP-TEE memory region from non-secure reads and writes using master and slave firewalls present in our K3 SOCs. Signed-off-by: Manorit Chawdhry --- arch/arm/dts/k3-j721s2-binman.dtsi | 217 + 1 file changed, 217 insertions(+) diff --git a/arch/arm/dts/k3-j721s2-binman.dtsi b/arch/arm/dts/k3-j721s2-binman.dtsi index 3922007b3b7a..72d54635f4e1 100644 --- a/arch/arm/dts/k3-j721s2-binman.dtsi +++ b/arch/arm/dts/k3-j721s2-binman.dtsi @@ -159,6 +159,223 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-257-0 { + /* cpu_0_cpu_0_msmc Background Firewall */ + id = <257>; + region = <0>; + control = <(FWCTRL_EN | FWCTRL_LOCK | + FWCTRL_BG | FWCTRL_CACHE)>; + permissions = <((FWPRIVID_ALL << FWPRIVID_SHIFT) | + FWPERM_SECURE_PRIV_RWCD | + FWPERM_SECURE_USER_RWCD | + FWPERM_NON_SECURE_PRIV_RWCD | + FWPERM_NON_SECURE_USER_RWCD)>; + start_address = <0x0 0x0>; + end_address = <0xff 0x>; + }; + + firewall-257-1 { + /* cpu_0_cpu_0_msmc Foreground Firewall */ + id = <257>; + region = <1>; + control = <(FWCTRL_EN | FWCTRL_LOCK | + FWCTRL_CACHE)>; + permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) | + FWPERM_SECURE_PRIV_RWCD | + FWPERM_SECURE_USER_RWCD)>; + start_address = <0x0 0x7000>; + end_address = <0x0 0x7001>; + }; + + firewall-284-0 { + /* dru_0_msmc Background Firewall */ + id = <284>; + region = <0>; + control = <(FWCTRL_EN | FWCTRL_LOCK | + FWCTRL_BG | FWCTRL_CACHE)>; + permissions = <((FWPRIVID_ALL << FWPRIVID_SHIFT) | + FWPERM_SECURE_PRIV_RWCD | + FWPERM_SECURE_USER_RWCD | + FWPERM_NON_SECURE_PRIV_RWCD | + FWPERM_NON_SECURE_USER_RWCD)>; + start_address = <0x0 0x0>; + end_address = <0xff 0x>; + }; + + firewall-284-1 { + /* dru_0_msmc Foreground Firewall */ + id = <284>; + region = <1>; + control = <(FWCTRL_EN | FWCTRL_LOCK | + FWCTRL_CACHE)>; +