summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorTom Rini <[email protected]>2026-02-07 11:51:14 -0600
committerTom Rini <[email protected]>2026-02-07 11:51:14 -0600
commit2ffab9da9142c03dc0f2ce056ccd2b0f43c02742 (patch)
tree7b00090bbe677b0200f8a1cf6a984efad0b6e410 /arch
parent3243a73102c3a268269e4b1b1c79b2efb835df70 (diff)
parent64daef1ada4e29a4fe6975bd7ad2f9f128cefe04 (diff)
Merge patch series "Firewall ATF and OP-TEE memory regions in Sitara"
Suhaas Joshi <[email protected]> says: This series starts by replacing hard-coded addresses in firewall templates that are defined in k3-binman.dtsi, by Kconfigs. Using Kconfigs makes it easier for someone to move ATF and OP-TEE to another location, since they wouldn't have to fiddle with the firewall configurations in dtsi files. The rest of the commits in this series add firewall configs to each device's dtsi files. I have only tested this patch series with TI boards. For non-TI Sitara boards, respective board maintainers are requested to test the relevant patch and confirm whether it works. To test this, I used `k3conf <read|write> <address> [<value>]`. Both of these operations were disallowed, as expected. Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'arch')
-rw-r--r--arch/arm/dts/k3-am625-phycore-som-binman.dtsi30
-rw-r--r--arch/arm/dts/k3-am625-sk-binman.dtsi29
-rw-r--r--arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi30
-rw-r--r--arch/arm/dts/k3-am62a-phycore-som-binman.dtsi30
-rw-r--r--arch/arm/dts/k3-am62a-sk-binman.dtsi30
-rw-r--r--arch/arm/dts/k3-am62p-sk-binman.dtsi32
-rw-r--r--arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi32
-rw-r--r--arch/arm/dts/k3-am642-phycore-som-binman.dtsi31
-rw-r--r--arch/arm/dts/k3-am64x-binman.dtsi31
-rw-r--r--arch/arm/dts/k3-binman.dtsi8
10 files changed, 279 insertions, 4 deletions
diff --git a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
index a9bd5a2be84..5e777a1f305 100644
--- a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
@@ -215,6 +215,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi
index 42edb35fa7b..8d6015e44a9 100644
--- a/arch/arm/dts/k3-am625-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
@@ -275,6 +275,35 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
tifsstub-hs {
description = "TIFSSTUB";
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
index 65fef6e4790..7b646629587 100644
--- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
+++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
@@ -200,6 +200,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
index a284226320c..6f82a40908f 100644
--- a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
@@ -165,6 +165,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am62a-sk-binman.dtsi b/arch/arm/dts/k3-am62a-sk-binman.dtsi
index cb9a56b8c37..49c90f5855c 100644
--- a/arch/arm/dts/k3-am62a-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am62a-sk-binman.dtsi
@@ -200,6 +200,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am62p-sk-binman.dtsi b/arch/arm/dts/k3-am62p-sk-binman.dtsi
index e1443d6226b..603487341d2 100644
--- a/arch/arm/dts/k3-am62p-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am62p-sk-binman.dtsi
@@ -217,6 +217,38 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
index 57ce3c0b41c..b46e871ef8a 100644
--- a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
+++ b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
@@ -159,6 +159,38 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
index 966905bd64d..07cb79fd04a 100644
--- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
@@ -141,6 +141,37 @@
#address-cells = <1>;
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-24-5 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <24>;
+ region = <5>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
dm {
blob-ext {
filename = "/dev/null";
diff --git a/arch/arm/dts/k3-am64x-binman.dtsi b/arch/arm/dts/k3-am64x-binman.dtsi
index 32e47a3f688..f3c7f2c939d 100644
--- a/arch/arm/dts/k3-am64x-binman.dtsi
+++ b/arch/arm/dts/k3-am64x-binman.dtsi
@@ -139,6 +139,37 @@
#address-cells = <1>;
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-24-5 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <24>;
+ region = <5>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
dm {
blob-ext {
filename = "/dev/null";
diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
index 761b1730464..0fd93f9536a 100644
--- a/arch/arm/dts/k3-binman.dtsi
+++ b/arch/arm/dts/k3-binman.dtsi
@@ -476,8 +476,8 @@
permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
FWPERM_SECURE_PRIV_RWCD |
FWPERM_SECURE_USER_RWCD)>;
- start_address = <0x0 0x70000000>;
- end_address = <0x0 0x7001ffff>;
+ start_address = <0x0 CONFIG_K3_ATF_LOAD_ADDR>;
+ end_address = <0x0 (CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff)>;
};
firewall_armv8_optee_fg: template-8 {
control = <(FWCTRL_EN | FWCTRL_LOCK |
@@ -485,8 +485,8 @@
permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
FWPERM_SECURE_PRIV_RWCD |
FWPERM_SECURE_USER_RWCD)>;
- start_address = <0x0 0x9e800000>;
- end_address = <0x0 0x9fffffff>;
+ start_address = <0x0 CONFIG_K3_OPTEE_LOAD_ADDR>;
+ end_address = <0x0 (CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff)>;
};
ti_falcon_template: template-9 {
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-11 19:38:03 +0000