[PATCH v4 0/8] ATF and OP-TEE Firewalling for K3 devices.
Manorit Chawdhry
m-chawdhry at ti.com
Wed Oct 11 08:24:57 CEST 2023
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/c929e6ccab03f55b3828896fbd04184b
Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
---
Changes in v4:
* Nishanth
- Add documentation
(https://lore.kernel.org/u-boot/20231009050838.eo5f62fo36kxsaer@ula0497581/)
* Simon
- Change auth_in_place to auth-in-place
- Change double quotes to single quotes
- Handle exception when firewall property is missing and add a test
- Dropped the test Reviewed-by due to a changes in test commit
- Cleanup FIT Image documentation also as that is also a part of secure
boot.
- Link to v3: https://lore.kernel.org/r/20231004-binman-firewalling-v3-0-e4a102324e1f@ti.com
---
Manorit Chawdhry (8):
binman: ti-secure: Add support for firewalling entities
binman: ftest: Add test for ti-secure firewall node
binman: k3: Add k3-security.h and include it in k3-binman.dtsi
binman: j721e: Add firewall configurations
binman: j721s2: Add firewall configurations
binman: j7200: Add firewall configurations
docs: k3: Cleanup FIT signature documentation
docs: k3: Add secure booting documentation
arch/arm/dts/k3-binman.dtsi | 2 +
arch/arm/dts/k3-j7200-binman.dtsi | 143 ++++++++++
arch/arm/dts/k3-j721e-binman.dtsi | 187 ++++++++++++
arch/arm/dts/k3-j721s2-binman.dtsi | 208 ++++++++++++++
arch/arm/dts/k3-security.h | 58 ++++
doc/board/ti/k3.rst | 316 ++++++++++++++-------
tools/binman/btool/openssl.py | 16 +-
tools/binman/etype/ti_secure.py | 90 ++++++
tools/binman/etype/x509_cert.py | 3 +-
tools/binman/ftest.py | 22 ++
tools/binman/test/319_ti_secure_firewall.dts | 28 ++
.../320_ti_secure_firewall_missing_property.dts | 28 ++
12 files changed, 999 insertions(+), 102 deletions(-)
---
base-commit: b05a184379631d13c4a49e423aa1324dc1ae6158
change-id: 20230724-binman-firewalling-65ecdb23ec0a
Best regards,
--
Manorit Chawdhry <m-chawdhry at ti.com>
More information about the U-Boot
mailing list