Manorit Chawdhry <m-chawdhry@ti.com> says:
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/4cead2fb3a19eb5d19005b3f54682627
CICD Run: https://github.com/u-boot/u-boot/pull/442
This commit adds a general flow to explain the usage of firewalls and
the chain of trust in K3 devices.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Tested-by: Thomas Richard <thomas.richard@bootlin.com>
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
For readability during configuring firewalls, adding k3-security.h file
and including it in k3-binman.dtsi to be accessible across K3 SoCs
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Fix the error message to not use dst and use self as it is copying the
properties to self.
While using templating if there are no subnodes defined, we end up in
this situation where "dst" isn't defined and it tries to print the error
message and fails.
'UnboundLocalError: local variable 'dst' referenced before assignment'
Fixes: 55e1278d5e ("dtoc: Allow inserting a list of nodes into another")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Kernel commit 1b77265626a4 ("arm64: dts: ti: k3-j7200-mcu-wakeup: Add
HyperBus node") was merged to kernel without its dependent patch [1].
Similar fix is needed in U-Boot, and hbmc currently breaks boot. Till
this gets fixed in U-Boot, disable the config by default so that the
hbmc probe that happens in board/ti/j721e/evm.c will not take place
and lead to boot failure.
This is similar to the approach in commit 5b2671594b ("configs:
j721e: Remove HBMC_AM654 config"), introduced to j7200 evm platform.
[1] https://lore.kernel.org/all/20230424184810.29453-1-afd@ti.com/
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Principle is exactly the same as on T124, testing of register
which behaves differently in secure and non-secure states.
Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
A "F: foo*" entry does not match any foo*/ folder nor its subtree,
another "F: foo*/" entry is needed for that.
Add missing foo*/ entries where an existing folder was ignored,
so this folder and its subtree is properly covered.
Arm tegra, Arm TI and Environment sections are affected.
Cc: Tom Rini <trini@konsulko.com>
Cc: Thierry Reding <treding@nvidia.com>
Cc: Svyatoslav Ryhel <clamor95@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Anthony Loiseau <anthony.loiseau@allcircuits.com>
Commit 19a91f2464 ("Create a new boot/ directory") moved the
android_ab.c code under boot/android_ab but did not update
the MAINTAINERS entry.
Update it so that the maintainer will get cc'ed again.
Fixes: 19a91f2464 ("Create a new boot/ directory")
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
main_timer0 is used by u-boot as the tick-timer. Add it to the soc
devices list so it an be enabled via the k3 power controller.
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
Bryan Brattlof <bb@ti.com> says:
Hello Again Everyone!
This series gets the am65x booting again along with syncing the device
tree files with v6.7-rc1 Linux.
The bulk of these patches unify the WKUP SPL board file with the arm64
files to make future syncs from Linux much easier. In the end the DTBs
should look a lot like what the DTBs look like for the am64x which
is fairly similar to the am65x.
For those interested in what UART boot looks like:
https://paste.sr.ht/~bryanb/7df8a645dc548912cd806abd5ecab967ef3287bc
Many nodes are reused between WKUP SPL, MAIN SPL, and U-Boot. Using
bootph-pre-ram is causing these nodes to be present in SPL builds but
pruned away during the U-Boot build. Convert these nodes to bootph-all
so they will remain no matter which dtb build is happening.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu secure proxy node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
The dummy_clock node is used to help the drivers probe the IO needed to
setup consoles and boot media to load firmware into the SoC.
This dummy_clock isn't a device that exists nor does it exist in the
mcu domain. So move it from cbass_mcu to the root node to avoid any
confusion.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
These aliases are not needed in U-Boot. Remove them
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we have duplicate
properties in the root node. Remove them
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate vtt_pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mdio node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
The pinmux for usb0 is missing from the Linux board dtb file. Remove it
until we can introduce it in Linux
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate ospi0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate wkup_i2c0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate sdhci1 pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have
a duplicate sdhci0 pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate main_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified we now have a
duplicate mcu_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Ethernet is one of a few IPs in U-Boot that depend on DMA to operate.
However there are a few missing registers ranges in the udmap nodes
need to properly setup DMA for the am65x.
A fix has been added to the Linux kernel[0] to add these ranges however
they have not made it to a Linux tag. To keep DMA operational until the
next DT sync from Linux, add these ranges to the *-u-boot.dtsi with a
note for our future selves.
[0] https://lore.kernel.org/r/20231213135138.929517-2-vigneshr@ti.com
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu_udmap node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu_ringacc node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
timer1 is really just the mcu_timer0 node redefined for the WKUP SPL.
Remove the timer1 and replace it with the mcu_timer0 from the Linux
device tree we imported into U-Boot.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board files unified, we now have a duplicate
wkup_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
With the Linux and U-Boot board dtb files unified we now have a
duplicate vtt_supply node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
To make things as organized as possible, start from the Linux board dtbs
and apply all properties needed for U-Boot in our *-u-boot.dtsi file for
the MAIN SPL and U-Boot builds.
We can then include these files for the WKUP SPL build making further
edits to the needed properties and nodes for the WKUP SPL bootloader's
view of the am65x.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
In order to unify the R5 board dtb file with the Linux board dtb file,
we will need to copy all bootph-pre-ram properties to the *-u-boot.dtsi
overlay.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Pull in dtb updates for the am654 base board from v6.7-rc1 of Linux
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
The R5 board file for U-Boot should be the same as the board file copied
from Linux with a few alterations to work with the R5's view of the SoC.
First we need to unify the R5 board file and it's U-Boot overlay before
we can unify the Linux board file with this one.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
We do not have a need to share a single console with the evaluation
board and disabling this option reduces the complexity of configuring
the consoles. Disable CONSOLE_MUX
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Some of the regulators we need to successfully boot are fixed
regulators. Enable the driver to properly probe them.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
TEGRA114_CLK_MIPI_CAL is a fixed child of PLLP and is used
as clock source of the MIPI PHY calibration mechanism.
Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
