Re: [PATCH] arm: dts: k3-j7200: Extend firewall for ATF region to TIFS

[Kumar, Udit]

On 12/15/2025 4:16 PM, Prasanth Babu Mantena wrote:

Extend the access to SRAM region of ATF to TIFS as well. This is
needed for TIFS for encryption and decryption of ATF as a part of
low power sequence.
So, give permissions for TIFS to access this region.

Signed-off-by: Prasanth Babu Mantena <p-mant...@ti.com>
---
  arch/arm/dts/k3-binman.dtsi       | 18 ++++++++++++++++--
  arch/arm/dts/k3-j7200-binman.dtsi |  4 ++--
  arch/arm/dts/k3-security.h        |  1 +
  3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
index 761b1730464..6c5ebaa1f35 100644
--- a/arch/arm/dts/k3-binman.dtsi
+++ b/arch/arm/dts/k3-binman.dtsi
@@ -479,7 +479,21 @@
                start_address = <0x0 0x70000000>;
                end_address = <0x0 0x7001ffff>;
        };
-       firewall_armv8_optee_fg: template-8 {
+       firewall_armv8_atf_tifs_fg: template-8 {
+               control = <(FWCTRL_EN | FWCTRL_LOCK |
+                                       FWCTRL_CACHE)>;
+               permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
+                                               FWPERM_SECURE_PRIV_RWCD |
+                                               FWPERM_SECURE_USER_RWCD)>,
+                                       <((FWPRIVID_TIFS << FWPRIVID_SHIFT) |
+                                               FWPERM_SECURE_PRIV_RWCD |
+                                               FWPERM_SECURE_USER_RWCD |
+                                               FWPERM_NON_SECURE_PRIV_RWCD |
+                                               FWPERM_NON_SECURE_USER_RWCD)>;

I think you don't need permission for Non-secure (priv and user)

+               start_address = <0x0 0x70000000>;
+               end_address = <0x0 0x7001ffff>;
+       };
+       firewall_armv8_optee_fg: template-9 {
                control = <(FWCTRL_EN | FWCTRL_LOCK |
                                        FWCTRL_CACHE)>;
                permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
@@ -489,7 +503,7 @@
                end_address = <0x0 0x9fffffff>;
        };

- ti_falcon_template: template-9 {

+       ti_falcon_template: template-10 {
                filename = "tifalcon.bin";
                pad-byte = <0xff>;

diff --git a/arch/arm/dts/k3-j7200-binman.dtsi b/arch/arm/dts/k3-j7200-binman.dtsi

index b4e0ce8bfcf..72490fc7617 100644
--- a/arch/arm/dts/k3-j7200-binman.dtsi
+++ b/arch/arm/dts/k3-j7200-binman.dtsi
@@ -259,7 +259,7 @@

firewall-4760-1 {

                                                        /* nb_slv0__mem0 
Foreground Firewall */
-                                                       insert-template = 
<&firewall_armv8_atf_fg>;
+                                                       insert-template = 
<&firewall_armv8_atf_tifs_fg>;
                                                        id = <4760>;
                                                        region = <1>;
                                                };
@@ -272,7 +272,7 @@

firewall-4761-1 {

                                                        /* nb_slv1__mem0 
Foreground Firewall */
-                                                       insert-template = 
<&firewall_armv8_atf_fg>;
+                                                       insert-template = 
<&firewall_armv8_atf_tifs_fg>;
                                                        id = <4761>;
                                                        region = <1>;
                                                };
diff --git a/arch/arm/dts/k3-security.h b/arch/arm/dts/k3-security.h
index 33609caa8fb..0b3f2cf3df1 100644
--- a/arch/arm/dts/k3-security.h
+++ b/arch/arm/dts/k3-security.h
@@ -7,6 +7,7 @@
  #define DTS_ARM64_TI_K3_FIREWALL_H

#define FWPRIVID_ALL 0xc3

+#define FWPRIVID_TIFS  0xca
  #define FWPRIVID_ARMV8  1
  #define FWPRIVID_SHIFT  16