[RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.

Manorit Chawdhry m-chawdhry at ti.com
Wed Sep 27 06:38:37 CEST 2023 

Hi Andrew,

On 09:25-20230926, Andrew Davis wrote:
> On 9/26/23 2:58 AM, Manorit Chawdhry wrote:
> > K3 devices have firewalls that are used to prevent illegal accesses to
> > memory regions that are deemed secure. The series prevents the illegal
> > accesses to ATF and OP-TEE regions that are present in different K3
> > devices.
> > 
> > AM62AX and AM64X are currently in hold due to some firewall
> > configurations that our System Controller (TIFS) needs to handle.
> > 
> > Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
> > ---
> 
> You have mixed tabs and spaces in the .dtsi patches.

Thanks for this, would be sending a v3 with the fixes.

Regards,
Manorit

> 
> Andrew
> 
> > Changes in v2:
> > 
> > Andrew:
> >      - Make the firewall DTS more readable with CONSTANTS
> > 
> > Neha:
> >      - Move GetHexOctet to dtoc for common usage
> >      - Update the documentation in ti-secure
> >      - s/indentifier/identifier/
> >      - Add firewall binman test
> > 
> > - Remove slave firewall multiple background regions
> >    ( Single firewall region works fine )
> > - Add a check in the subnodes to check for the node.name 'firewall'
> > - Change firewall indexing with id and region number so that it is easy
> >    to purge out firewalls and we don't need to redo the numbering.
> > - Add information for all the firewalls.
> > - Link to v1: https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bff8a@ti.com/
> > 
> > ---
> > Manorit Chawdhry (8):
> >        dtoc: openssl: Add GetHexOctet method
> >        binman: ti-secure: Add support for firewalling entities
> >        binman: ftest: Add test for ti-secure firewall node
> >        binman: k3: add k3-security.h and include it in k3-binman.dtsi
> >        binman: j721e: Add firewall configurations for atf
> >        binman: am62x: Add firewalling configurations
> >        binman: j721s2: Add firewall configurations
> >        binman: j7200: Add firewall configurations
> > 
> >   arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++++++
> >   arch/arm/dts/k3-binman.dtsi                  |   2 +
> >   arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++++++++++++++++++
> >   arch/arm/dts/k3-j721e-binman.dtsi            | 183 ++++++++++++++++++++++++
> >   arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++++++++++++++++++++++++++
> >   arch/arm/dts/k3-security.h                   |  58 ++++++++
> >   tools/binman/btool/openssl.py                |  16 ++-
> >   tools/binman/etype/ti_secure.py              |  85 +++++++++++
> >   tools/binman/etype/x509_cert.py              |   3 +-
> >   tools/binman/ftest.py                        |  12 ++
> >   tools/binman/test/311_ti_secure_firewall.dts |  28 ++++
> >   tools/dtoc/fdt_util.py                       |  20 +++
> >   12 files changed, 796 insertions(+), 3 deletions(-)
> > ---
> > base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
> > change-id: 20230724-binman-firewalling-65ecdb23ec0a
> > 
> > Best regards,

More information about the U-Boot mailing list