[PATCH] arm: dts: k3-j7200: Extend firewall for ATF region to TIFS

Chawdhry, Manorit m-chawdhry at ti.com
Tue Dec 16 06:20:49 CET 2025 

Hi Prasanth,

On 12/15/2025 4:16 PM, Prasanth Babu Mantena wrote:
> Extend the access to SRAM region of ATF to TIFS as well. This is
> needed for TIFS for encryption and decryption of ATF as a part of
> low power sequence.
> So, give permissions for TIFS to access this region.
> 
> Signed-off-by: Prasanth Babu Mantena <p-mantena at ti.com>
> ---
>   arch/arm/dts/k3-binman.dtsi       | 18 ++++++++++++++++--
>   arch/arm/dts/k3-j7200-binman.dtsi |  4 ++--
>   arch/arm/dts/k3-security.h        |  1 +
>   3 files changed, 19 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
> index 761b1730464..6c5ebaa1f35 100644
> --- a/arch/arm/dts/k3-binman.dtsi
> +++ b/arch/arm/dts/k3-binman.dtsi
> @@ -479,7 +479,21 @@
>   		start_address = <0x0 0x70000000>;
>   		end_address = <0x0 0x7001ffff>;
>   	};
> -	firewall_armv8_optee_fg: template-8 {
> +	firewall_armv8_atf_tifs_fg: template-8 {
> +		control = <(FWCTRL_EN | FWCTRL_LOCK |
> +					FWCTRL_CACHE)>;
> +		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
> +						FWPERM_SECURE_PRIV_RWCD |
> +						FWPERM_SECURE_USER_RWCD)>,
> +					<((FWPRIVID_TIFS << FWPRIVID_SHIFT) |
> +						FWPERM_SECURE_PRIV_RWCD |
> +						FWPERM_SECURE_USER_RWCD |
> +						FWPERM_NON_SECURE_PRIV_RWCD |
> +						FWPERM_NON_SECURE_USER_RWCD)>;


I think you can use insert-template and insert the existing atf template 
in this one and just override the permissions, would make it much more 
readable, in that case I think you can add this template at the end too 
as it'll be evident that you are using the other atf reference and you 
can avoid all these override of template numbers too ig.

Regards,
Manorit

> +		start_address = <0x0 0x70000000>;
> +		end_address = <0x0 0x7001ffff>;
> +	};
> +	firewall_armv8_optee_fg: template-9 {
>   		control = <(FWCTRL_EN | FWCTRL_LOCK |
>   					FWCTRL_CACHE)>;
>   		permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
> @@ -489,7 +503,7 @@
>   		end_address = <0x0 0x9fffffff>;
>   	};
>   
> -	ti_falcon_template: template-9 {
> +	ti_falcon_template: template-10 {
>   		filename = "tifalcon.bin";
>   		pad-byte = <0xff>;
>   
> diff --git a/arch/arm/dts/k3-j7200-binman.dtsi b/arch/arm/dts/k3-j7200-binman.dtsi
> index b4e0ce8bfcf..72490fc7617 100644
> --- a/arch/arm/dts/k3-j7200-binman.dtsi
> +++ b/arch/arm/dts/k3-j7200-binman.dtsi
> @@ -259,7 +259,7 @@
>   
>   						firewall-4760-1 {
>   							/* nb_slv0__mem0 Foreground Firewall */
> -							insert-template = <&firewall_armv8_atf_fg>;
> +							insert-template = <&firewall_armv8_atf_tifs_fg>;
>   							id = <4760>;
>   							region = <1>;
>   						};
> @@ -272,7 +272,7 @@
>   
>   						firewall-4761-1 {
>   							/* nb_slv1__mem0 Foreground Firewall */
> -							insert-template = <&firewall_armv8_atf_fg>;
> +							insert-template = <&firewall_armv8_atf_tifs_fg>;
>   							id = <4761>;
>   							region = <1>;
>   						};
> diff --git a/arch/arm/dts/k3-security.h b/arch/arm/dts/k3-security.h
> index 33609caa8fb..0b3f2cf3df1 100644
> --- a/arch/arm/dts/k3-security.h
> +++ b/arch/arm/dts/k3-security.h
> @@ -7,6 +7,7 @@
>   #define DTS_ARM64_TI_K3_FIREWALL_H
>   
>   #define FWPRIVID_ALL    0xc3
> +#define FWPRIVID_TIFS	0xca
>   #define FWPRIVID_ARMV8  1
>   #define FWPRIVID_SHIFT  16
>

More information about the U-Boot mailing list