[RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.

Andrew Davis afd at ti.com
Tue Sep 26 16:25:58 CEST 2023 

On 9/26/23 2:58 AM, Manorit Chawdhry wrote:
> K3 devices have firewalls that are used to prevent illegal accesses to
> memory regions that are deemed secure. The series prevents the illegal
> accesses to ATF and OP-TEE regions that are present in different K3
> devices.
> 
> AM62AX and AM64X are currently in hold due to some firewall
> configurations that our System Controller (TIFS) needs to handle.
> 
> Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
> ---

You have mixed tabs and spaces in the .dtsi patches.

Andrew

> Changes in v2:
> 
> Andrew:
>      - Make the firewall DTS more readable with CONSTANTS
> 
> Neha:
>      - Move GetHexOctet to dtoc for common usage
>      - Update the documentation in ti-secure
>      - s/indentifier/identifier/
>      - Add firewall binman test
> 
> - Remove slave firewall multiple background regions
>    ( Single firewall region works fine )
> - Add a check in the subnodes to check for the node.name 'firewall'
> - Change firewall indexing with id and region number so that it is easy
>    to purge out firewalls and we don't need to redo the numbering.
> - Add information for all the firewalls.
> - Link to v1: https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bff8a@ti.com/
> 
> ---
> Manorit Chawdhry (8):
>        dtoc: openssl: Add GetHexOctet method
>        binman: ti-secure: Add support for firewalling entities
>        binman: ftest: Add test for ti-secure firewall node
>        binman: k3: add k3-security.h and include it in k3-binman.dtsi
>        binman: j721e: Add firewall configurations for atf
>        binman: am62x: Add firewalling configurations
>        binman: j721s2: Add firewall configurations
>        binman: j7200: Add firewall configurations
> 
>   arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++++++
>   arch/arm/dts/k3-binman.dtsi                  |   2 +
>   arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++++++++++++++++++
>   arch/arm/dts/k3-j721e-binman.dtsi            | 183 ++++++++++++++++++++++++
>   arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++++++++++++++++++++++++++
>   arch/arm/dts/k3-security.h                   |  58 ++++++++
>   tools/binman/btool/openssl.py                |  16 ++-
>   tools/binman/etype/ti_secure.py              |  85 +++++++++++
>   tools/binman/etype/x509_cert.py              |   3 +-
>   tools/binman/ftest.py                        |  12 ++
>   tools/binman/test/311_ti_secure_firewall.dts |  28 ++++
>   tools/dtoc/fdt_util.py                       |  20 +++
>   12 files changed, 796 insertions(+), 3 deletions(-)
> ---
> base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
> change-id: 20230724-binman-firewalling-65ecdb23ec0a
> 
> Best regards,

More information about the U-Boot mailing list