[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices

Lokesh Vutla lokeshvutla at ti.com
Wed Sep 18 04:22:25 UTC 2019 


On 18/09/19 2:45 AM, Andrew F. Davis wrote:
> On HS devices the access to TRNG is restricted on the non-secure
> ARM side, disable the node in DT to prevent firewall violations.
> 
> Signed-off-by: Andrew F. Davis <afd at ti.com>

Reviewed-by: Lokesh Vutla <lokeshvutla at ti.com>

Thanks and regards,
Lokesh

> ---
>  arch/arm/mach-k3/common.c                 | 20 ++++++++++++++++++++
>  arch/arm/mach-k3/include/mach/sys_proto.h |  2 ++
>  board/ti/am65x/evm.c                      | 15 +++++++++++++--
>  3 files changed, 35 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
> index 3e36d90ace..c16afc654f 100644
> --- a/arch/arm/mach-k3/common.c
> +++ b/arch/arm/mach-k3/common.c
> @@ -137,6 +137,26 @@ int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name)
>  
>  	return 0;
>  }
> +
> +int fdt_disable_node(void *blob, char *node_path)
> +{
> +	int offs;
> +	int ret;
> +
> +	offs = fdt_path_offset(blob, node_path);
> +	if (offs < 0) {
> +		debug("Node %s not found.\n", node_path);
> +		return 0;
> +	}
> +	ret = fdt_setprop_string(blob, offs, "status", "disabled");
> +	if (ret < 0) {
> +		printf("Could not add status property to node %s: %s\n",
> +		       node_path, fdt_strerror(ret));
> +		return ret;
> +	}
> +	return 0;
> +}
> +
>  #endif
>  
>  #ifndef CONFIG_SYSRESET
> diff --git a/arch/arm/mach-k3/include/mach/sys_proto.h b/arch/arm/mach-k3/include/mach/sys_proto.h
> index 45832b45a1..3c825aa3d1 100644
> --- a/arch/arm/mach-k3/include/mach/sys_proto.h
> +++ b/arch/arm/mach-k3/include/mach/sys_proto.h
> @@ -14,4 +14,6 @@ struct ti_sci_handle *get_ti_sci_handle(void);
>  int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name);
>  int do_board_detect(void);
>  void release_resources_for_core_shutdown(void);
> +int fdt_disable_node(void *blob, char *node_path);
> +
>  #endif
> diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
> index e01adcd642..ad333ad883 100644
> --- a/board/ti/am65x/evm.c
> +++ b/board/ti/am65x/evm.c
> @@ -96,10 +96,21 @@ int ft_board_setup(void *blob, bd_t *bd)
>  	int ret;
>  
>  	ret = fdt_fixup_msmc_ram(blob, "/interconnect at 100000", "sram at 70000000");
> -	if (ret)
> +	if (ret) {
>  		printf("%s: fixing up msmc ram failed %d\n", __func__, ret);
> +		return ret;
> +	}
>  
> -	return ret;
> +#if defined(CONFIG_TI_SECURE_DEVICE)
> +	/* Make HW RNG reserved for secure world use */
> +	ret = fdt_disable_node(blob, "/interconnect at 100000/trng at 4e10000");
> +	if (ret) {
> +		printf("%s: disabling TRGN failed %d\n", __func__, ret);
> +		return ret;
> +	}
> +#endif
> +
> +	return 0;
>  }
>  #endif
>  
>

More information about the U-Boot mailing list