[RFC PATCH 2/2] binman: j721e: Add firewall configurations for atf
Manorit Chawdhry
m-chawdhry at ti.com
Wed Sep 6 07:02:31 CEST 2023
Hi Neha, Andrew,
On 09:20-20230906, Neha Malcom Francis wrote:
> Hi Andrew,
>
> On 05/09/23 20:52, Andrew Davis wrote:
> > On 9/5/23 3:21 AM, Manorit Chawdhry wrote:
> > > The following commits adds the configuration of firewalls required to
> > > protect ATF and OP-TEE memory region from non-secure reads and
> > > writes using master and slave firewalls present in our K3 SOCs.
>
> [...]
>
> > > + // cpu_0_cpu_0_msmc Foreground Firewall
> > > + firewall-1 {
> > > + id = <257>;
> > > + region = <1>;
> > > + control = <0x1a>;
> > > + permissions = <0x0100ff>;
> > > + start_address = <0x0 0x70000000>;
> >
> > This address might change if one moves ATF, might work to use
> > CONFIG_K3_ATF_LOAD_ADDR?
> > Not sure how you would get the end address as we don't really know ATF size..
> >
>
> I think this could be handled within binman IF CONFIG_K3_ATF_LOAD_ADDR and
> the ATF binary were not only A53/A72 inputs. But since it is, I don't see
> how that can be implemented.
>
Andrew,
I don't think that just using the CONFIG would be a good solution as
the slave firewalls would not be able to protect the updated ATF address.
Maybe we can use configs and put some warning in build time if the ATF
address is not the default, would see how this could be done getting the
size is still an issue as Neha mentioned that they have to be inputs for
all the build stages.
Neha,
Would you be able to elaborate more on that part?
Regards,
Manorit
> > Andrew
>
> --
> Thanking You
> Neha Malcom Francis
More information about the U-Boot
mailing list