[PATCH v4 6/9] ddr: altera: soc64: Add secure region support for ATF flow

Chee, Tien Fong tien.fong.chee at altera.com
Wed Jun 10 10:50:40 CEST 2026 

On 5/6/2026 9:55 am, alif.zakuan.yuslaimi at altera.com wrote:
> From: Alif Zakuan Yuslaimi <alif.zakuan.yuslaimi at altera.com>
>
> Setting up firewall regions based on SDRAM memory banks configuration
> (up to CONFIG_NR_DRAM_BANKS banks) instead of using whole address space.
>
> First 1 MiB (0 to 0xfffff) of SDRAM is configured as secure region,
> other address spaces are non-secure regions. The ARM Trusted Firmware (ATF)
> image is located in this first 1 MiB memory region. So, this can prevent
> software executing at non-secure state EL0-EL2 and non-secure masters
> access to secure region.
>
> Add common function for firewall setup and reuse for all SoC64 devices.
>
> Signed-off-by: Alif Zakuan Yuslaimi <alif.zakuan.yuslaimi at altera.com>
> ---
>
> (no changes since v1)
>
>   drivers/ddr/altera/sdram_s10.c | 16 ++--------------
>   1 file changed, 2 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/ddr/altera/sdram_s10.c b/drivers/ddr/altera/sdram_s10.c
> index 1497a8e4aab..aed53ae58eb 100644
> --- a/drivers/ddr/altera/sdram_s10.c
> +++ b/drivers/ddr/altera/sdram_s10.c
> @@ -78,20 +78,6 @@ int sdram_mmr_init_full(struct udevice *dev)
>   	phys_size_t hw_size;
>   	struct bd_info bd = {0};
>   
> -	/* this enables nonsecure access to DDR */
> -	/* mpuregion0addr_limit */
> -	FW_MPU_DDR_SCR_WRITEL(0xFFFF0000, FW_MPU_DDR_SCR_MPUREGION0ADDR_LIMIT);
> -	FW_MPU_DDR_SCR_WRITEL(0x1F, FW_MPU_DDR_SCR_MPUREGION0ADDR_LIMITEXT);
> -
> -	/* nonmpuregion0addr_limit */
> -	FW_MPU_DDR_SCR_WRITEL(0xFFFF0000,
> -			      FW_MPU_DDR_SCR_NONMPUREGION0ADDR_LIMIT);
> -	FW_MPU_DDR_SCR_WRITEL(0x1F, FW_MPU_DDR_SCR_NONMPUREGION0ADDR_LIMITEXT);
> -
> -	/* Enable mpuregion0enable and nonmpuregion0enable */
> -	FW_MPU_DDR_SCR_WRITEL(MPUREGION0_ENABLE | NONMPUREGION0_ENABLE,
> -			      FW_MPU_DDR_SCR_EN_SET);
> -
>   	/* Ensure HMC clock is running */
>   	if (poll_hmc_clock_status()) {
>   		puts("DDR: Error as HMC clock not running\n");
> @@ -284,6 +270,8 @@ int sdram_mmr_init_full(struct udevice *dev)
>   
>   	sdram_size_check(&bd);
>   
> +	sdram_set_firewall(&bd);
> +
>   	priv->info.base = bd.bi_dram[0].start;
>   	priv->info.size = gd->ram_size;
>   


Reviewed-by: Tien Fong Chee <tien.fong.chee at altera.com>

Best regards,
Tien Fong

More information about the U-Boot mailing list