[PATCH 1/2] rockchip: rk3576: Allow pmu sram access for non-secure masters
Quentin Schulz
quentin.schulz at cherry.de
Wed Jan 14 17:27:36 CET 2026
Hi Jonas,
On 1/8/26 2:32 PM, Jonas Karlman wrote:
> The firewall block access to pmu sram for non-secure masters by default
> after reset (0xffffbfff).
>
> Change the pmu lookup configuration to match the default lookup config
> for ddr and system sram (0xffff3fff) to allow loading TF-A using DMA.
>
What is this "default" lookup config and where does it come from? You
say it's 0xffffbfff after reset and it's set to something different
after a TF-A has configured the firewall... Is it after a cold boot?
That somehow is different than a warm reset maybe?
> Mainline TF-A will re-configure the firewall to use an even less
> restrictive lookup (0xbffe3ff0), so this change is not expected to have
[1][2]
> any real security implication.
>
[1]
https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/rockchip/rk3576/drivers/secure/firewall.c#L522C36-L522C46
[2]
https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/rockchip/rk3576/drivers/secure/firewall.c#L611-L613
For the proof :)
> Signed-off-by: Jonas Karlman <jonas at kwiboo.se>
> ---
> arch/arm/mach-rockchip/rk3576/rk3576.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/arm/mach-rockchip/rk3576/rk3576.c b/arch/arm/mach-rockchip/rk3576/rk3576.c
> index a1e8a7572fa4..c17ba418ced5 100644
> --- a/arch/arm/mach-rockchip/rk3576/rk3576.c
> +++ b/arch/arm/mach-rockchip/rk3576/rk3576.c
> @@ -26,6 +26,9 @@
> #define SYS_SGRF_SOC_CON15 0x005C
> #define SYS_SGRF_SOC_CON20 0x0070
>
> +#define FW_PMU1SGRF_BASE 0x26003000
> +#define PMU1SGRF_SLV_LOOKUP0 0x80
> +
How about using the same names as in TF-A?
PMU1SGRF_FW_BASE instead of FW_PMU1SGRF_BASE and
FW_PMU_SGRF_SLV_LOOKUP(x) instead of PMU1SGRF_SLV_LOOKUP0?
I cannot test this as I don't have an RK3576 board but it looks ok to me.
Cheers,
Quentin
More information about the U-Boot
mailing list