[PATCH] arm: dts: k3-j7200: Extend firewall for ATF region to TIFS

Kumar, Udit u-kumar1 at ti.com
Tue Dec 16 03:36:28 CET 2025


On 12/15/2025 4:16 PM, Prasanth Babu Mantena wrote:
> Extend the access to SRAM region of ATF to TIFS as well. This is
> needed for TIFS for encryption and decryption of ATF as a part of
> low power sequence.
> So, give permissions for TIFS to access this region.
>
> Signed-off-by: Prasanth Babu Mantena <p-mantena at ti.com>
> ---
>   arch/arm/dts/k3-binman.dtsi       | 18 ++++++++++++++++--
>   arch/arm/dts/k3-j7200-binman.dtsi |  4 ++--
>   arch/arm/dts/k3-security.h        |  1 +
>   3 files changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
> index 761b1730464..6c5ebaa1f35 100644
> --- a/arch/arm/dts/k3-binman.dtsi
> +++ b/arch/arm/dts/k3-binman.dtsi
> @@ -479,7 +479,21 @@
>   		start_address = <0x0 0x70000000>;
>   		end_address = <0x0 0x7001ffff>;
>   	};
> -	firewall_armv8_optee_fg: template-8 {
> +	firewall_armv8_atf_tifs_fg: template-8 {
> +		control = <(FWCTRL_EN | FWCTRL_LOCK |
> +					FWCTRL_CACHE)>;
> +		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
> +						FWPERM_SECURE_PRIV_RWCD |
> +						FWPERM_SECURE_USER_RWCD)>,
> +					<((FWPRIVID_TIFS << FWPRIVID_SHIFT) |
> +						FWPERM_SECURE_PRIV_RWCD |
> +						FWPERM_SECURE_USER_RWCD |
> +						FWPERM_NON_SECURE_PRIV_RWCD |
> +						FWPERM_NON_SECURE_USER_RWCD)>;


I think you don't need the Non-secure permissions (priv and user) here.


> +		start_address = <0x0 0x70000000>;
> +		end_address = <0x0 0x7001ffff>;
> +	};
> +	firewall_armv8_optee_fg: template-9 {
>   		control = <(FWCTRL_EN | FWCTRL_LOCK |
>   					FWCTRL_CACHE)>;
>   		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
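Review bot: The new `firewall_armv8_atf_tifs_fg` template has no comment saying why a second initiator is admitted to the ATF SRAM window, and it is set with `FWCTRL_LOCK`, so anyone auditing the firewall table has only the commit message to go on. A one-line comment above the node would record the rationale, e.g. `/* ATF SRAM: ARMv8 plus TIFS, which encrypts/decrypts ATF as part of the low power sequence */`. The node also repeats the `0x70000000`–`0x7001ffff` range of the template just above it (presumably `firewall_armv8_atf_fg`), so the two ranges must be kept in step by hand, and the comment should say so. Inserting it as `template-8` also renumbers `firewall_armv8_optee_fg` here and `ti_falcon_template` in the next hunk; the users visible in this patch reference labels, so appending it as the next free `template-N` would keep the diff to the firewall change itself.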
> @@ -489,7 +503,7 @@
>   		end_address = <0x0 0x9fffffff>;
>   	};
>   
> -	ti_falcon_template: template-9 {
> +	ti_falcon_template: template-10 {
>   		filename = "tifalcon.bin";
>   		pad-byte = <0xff>;
>   
> diff --git a/arch/arm/dts/k3-j7200-binman.dtsi b/arch/arm/dts/k3-j7200-binman.dtsi
> index b4e0ce8bfcf..72490fc7617 100644
> --- a/arch/arm/dts/k3-j7200-binman.dtsi
> +++ b/arch/arm/dts/k3-j7200-binman.dtsi
> @@ -259,7 +259,7 @@
>   
>   						firewall-4760-1 {
>   							/* nb_slv0__mem0 Foreground Firewall */
> -							insert-template = <&firewall_armv8_atf_fg>;
> +							insert-template = <&firewall_armv8_atf_tifs_fg>;
>   							id = <4760>;
>   							region = <1>;
>   						};
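Review bot: The comments on `firewall-4760-1` and, in the next hunk, `firewall-4761-1` still describe a plain foreground firewall although region 1 now also admits TIFS. Something like `/* nb_slv0__mem0 Foreground Firewall: ATF SRAM, ARMv8 + TIFS */` (and the `nb_slv1__mem0` equivalent) would make the widened access visible at the point of use. It is also worth confirming whether `firewall_armv8_atf_fg` still has users after this switch; if J7200 was the only one, the old template in k3-binman.dtsi is left behind unused, which cannot be judged from the lines shown. The enclosing binman nodes start outside both hunks.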
> @@ -272,7 +272,7 @@
>   
>   						firewall-4761-1 {
>   							/* nb_slv1__mem0 Foreground Firewall */
> -							insert-template = <&firewall_armv8_atf_fg>;
> +							insert-template = <&firewall_armv8_atf_tifs_fg>;
>   							id = <4761>;
>   							region = <1>;
>   						};
> diff --git a/arch/arm/dts/k3-security.h b/arch/arm/dts/k3-security.h
> index 33609caa8fb..0b3f2cf3df1 100644
> --- a/arch/arm/dts/k3-security.h
> +++ b/arch/arm/dts/k3-security.h
> @@ -7,6 +7,7 @@
>   #define DTS_ARM64_TI_K3_FIREWALL_H
>   
>   #define FWPRIVID_ALL    0xc3
> +#define FWPRIVID_TIFS	0xca
>   #define FWPRIVID_ARMV8  1
>   #define FWPRIVID_SHIFT  16
>   
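Review bot: `FWPRIVID_TIFS` is a bare value that decides which initiator the firewall admits, and nothing in the header says where `0xca` comes from. A short comment such as `/* TIFS priv-ID, see <TRM/TISCI reference to be cited> */` would let a reviewer check it against the SoC documentation, since a wrong ID would open the ATF region to a different initiator. The new line also separates name and value with a tab where the neighbouring `FWPRIVID_*` defines use spaces; `#define FWPRIVID_TIFS   0xca` matches them. The header continues outside the hunk.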

