diff options
| author | Tom Rini <[email protected]> | 2026-02-07 11:51:14 -0600 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2026-02-07 11:51:14 -0600 |
| commit | 2ffab9da9142c03dc0f2ce056ccd2b0f43c02742 (patch) | |
| tree | 7b00090bbe677b0200f8a1cf6a984efad0b6e410 | |
| parent | 3243a73102c3a268269e4b1b1c79b2efb835df70 (diff) | |
| parent | 64daef1ada4e29a4fe6975bd7ad2f9f128cefe04 (diff) | |
Merge patch series "Firewall ATF and OP-TEE memory regions in Sitara"
Suhaas Joshi <[email protected]> says:
This series starts by replacing hard-coded addresses in firewall
templates that are defined in k3-binman.dtsi, by Kconfigs. Using
Kconfigs makes it easier for someone to move ATF and OP-TEE to another
location, since they wouldn't have to fiddle with the firewall
configurations in dtsi files.
The rest of the commits in this series add firewall configs to each
device's dtsi files.
I have only tested this patch series with TI boards. For non-TI Sitara
boards, respective board maintainers are requested to test the relevant
patch and confirm whether it works.
To test this, I used `k3conf <read|write> <address> [<value>]`. Both of
these operations were disallowed, as expected.
Link: https://lore.kernel.org/r/[email protected]
| -rw-r--r-- | arch/arm/dts/k3-am625-phycore-som-binman.dtsi | 30 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am625-sk-binman.dtsi | 29 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi | 30 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am62a-phycore-som-binman.dtsi | 30 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am62a-sk-binman.dtsi | 30 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am62p-sk-binman.dtsi | 32 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi | 32 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am642-phycore-som-binman.dtsi | 31 | ||||
| -rw-r--r-- | arch/arm/dts/k3-am64x-binman.dtsi | 31 | ||||
| -rw-r--r-- | arch/arm/dts/k3-binman.dtsi | 8 |
10 files changed, 279 insertions, 4 deletions
diff --git a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi index a9bd5a2be84..5e777a1f305 100644 --- a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi +++ b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi @@ -215,6 +215,36 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi index 42edb35fa7b..8d6015e44a9 100644 --- a/arch/arm/dts/k3-am625-sk-binman.dtsi +++ b/arch/arm/dts/k3-am625-sk-binman.dtsi @@ -275,6 +275,35 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + }; + }; tifsstub-hs { description = "TIFSSTUB"; diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi index 65fef6e4790..7b646629587 100644 --- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi @@ -200,6 +200,36 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi index a284226320c..6f82a40908f 100644 --- a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi +++ b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi @@ -165,6 +165,36 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am62a-sk-binman.dtsi b/arch/arm/dts/k3-am62a-sk-binman.dtsi index cb9a56b8c37..49c90f5855c 100644 --- a/arch/arm/dts/k3-am62a-sk-binman.dtsi +++ b/arch/arm/dts/k3-am62a-sk-binman.dtsi @@ -200,6 +200,36 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am62p-sk-binman.dtsi b/arch/arm/dts/k3-am62p-sk-binman.dtsi index e1443d6226b..603487341d2 100644 --- a/arch/arm/dts/k3-am62p-sk-binman.dtsi +++ b/arch/arm/dts/k3-am62p-sk-binman.dtsi @@ -217,6 +217,38 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi index 57ce3c0b41c..b46e871ef8a 100644 --- a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi +++ b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi @@ -159,6 +159,38 @@ fit { images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + firewall-1-1 { + insert-template = <&firewall_armv8_atf_fg>; + id = <1>; + region = <1>; + }; + + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-2 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <2>; + }; + + }; + }; + tifsstub-hs { description = "TIFSSTUB"; type = "firmware"; diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi index 966905bd64d..07cb79fd04a 100644 --- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi +++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi @@ -141,6 +141,37 @@ #address-cells = <1>; images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-24-5 { + insert-template = <&firewall_armv8_atf_fg>; + id = <24>; + region = <5>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + + firewall-1-1 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <1>; + }; + }; + }; + dm { blob-ext { filename = "/dev/null"; diff --git a/arch/arm/dts/k3-am64x-binman.dtsi b/arch/arm/dts/k3-am64x-binman.dtsi index 32e47a3f688..f3c7f2c939d 100644 --- a/arch/arm/dts/k3-am64x-binman.dtsi +++ b/arch/arm/dts/k3-am64x-binman.dtsi @@ -139,6 +139,37 @@ #address-cells = <1>; images { + atf { + ti-secure { + auth-in-place = <0xa02>; + + firewall-24-5 { + insert-template = <&firewall_armv8_atf_fg>; + id = <24>; + region = <5>; + }; + }; + }; + + tee { + ti-secure { + auth-in-place = <0xa02>; + + firewall-1-0 { + insert-template = <&firewall_bg_3>; + id = <1>; + region = <0>; + }; + + + firewall-1-1 { + insert-template = <&firewall_armv8_optee_fg>; + id = <1>; + region = <1>; + }; + }; + }; + dm { blob-ext { filename = "/dev/null"; diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi index 761b1730464..0fd93f9536a 100644 --- a/arch/arm/dts/k3-binman.dtsi +++ b/arch/arm/dts/k3-binman.dtsi @@ -476,8 +476,8 @@ permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) | FWPERM_SECURE_PRIV_RWCD | FWPERM_SECURE_USER_RWCD)>; - start_address = <0x0 0x70000000>; - end_address = <0x0 0x7001ffff>; + start_address = <0x0 CONFIG_K3_ATF_LOAD_ADDR>; + end_address = <0x0 (CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff)>; }; firewall_armv8_optee_fg: template-8 { control = <(FWCTRL_EN | FWCTRL_LOCK | @@ -485,8 +485,8 @@ permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) | FWPERM_SECURE_PRIV_RWCD | FWPERM_SECURE_USER_RWCD)>; - start_address = <0x0 0x9e800000>; - end_address = <0x0 0x9fffffff>; + start_address = <0x0 CONFIG_K3_OPTEE_LOAD_ADDR>; + end_address = <0x0 (CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff)>; }; ti_falcon_template: template-9 { |