mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-04 10:30:32 +00:00
8ae586e08c
The following commits adds the configuration of firewalls required to protect ATF and OP-TEE memory region from non-secure reads and writes using master and slave firewalls present in our K3 SOCs. Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Tested-by: Thomas Richard <thomas.richard@bootlin.com>
445 lines
8.9 KiB
Text
445 lines
8.9 KiB
Text
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (C) 2022-2023 Texas Instruments Incorporated - https://www.ti.com/
|
|
*/
|
|
|
|
#include "k3-binman.dtsi"
|
|
|
|
#ifdef CONFIG_TARGET_J7200_R5_EVM
|
|
|
|
&bcfg_yaml {
|
|
config = "board-cfg_j7200.yaml";
|
|
};
|
|
|
|
&rcfg_yaml {
|
|
config = "rm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&pcfg_yaml {
|
|
config = "pm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&scfg_yaml {
|
|
config = "sec-cfg_j7200.yaml";
|
|
};
|
|
|
|
&bcfg_yaml_tifs {
|
|
config = "board-cfg_j7200.yaml";
|
|
};
|
|
|
|
&rcfg_yaml_tifs {
|
|
config = "rm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&pcfg_yaml_tifs {
|
|
config = "pm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&scfg_yaml_tifs {
|
|
config = "sec-cfg_j7200.yaml";
|
|
};
|
|
|
|
&rcfg_yaml_dm {
|
|
config = "rm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&pcfg_yaml_dm {
|
|
config = "pm-cfg_j7200.yaml";
|
|
};
|
|
|
|
&binman {
|
|
tiboot3-j7200_sr2-hs-evm.bin {
|
|
filename = "tiboot3-j7200_sr2-hs-evm.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl>, <&ti_fs_enc>, <&combined_tifs_cfg>,
|
|
<&combined_dm_cfg>, <&sysfw_inner_cert>;
|
|
combined;
|
|
dm-data;
|
|
sysfw-inner-cert;
|
|
keyfile = "custMpk.pem";
|
|
sw-rev = <1>;
|
|
content-sbl = <&u_boot_spl>;
|
|
content-sysfw = <&ti_fs_enc>;
|
|
content-sysfw-data = <&combined_tifs_cfg>;
|
|
content-sysfw-inner-cert = <&sysfw_inner_cert>;
|
|
content-dm-data = <&combined_dm_cfg>;
|
|
load = <0x41c00000>;
|
|
load-sysfw = <0x40000>;
|
|
load-sysfw-data = <0x7f000>;
|
|
load-dm-data = <0x41c80000>;
|
|
};
|
|
u_boot_spl: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_enc: ti-fs-enc.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j7200_sr2-hs-enc.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg: combined-tifs-cfg.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
sysfw_inner_cert: sysfw-inner-cert {
|
|
filename = "ti-sysfw/ti-fs-firmware-j7200_sr2-hs-cert.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_dm_cfg: combined-dm-cfg.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
tiboot3-j7200_sr2-hs-fs-evm.bin {
|
|
filename = "tiboot3-j7200_sr2-hs-fs-evm.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl_fs>, <&ti_fs_enc_fs>, <&combined_tifs_cfg_fs>,
|
|
<&combined_dm_cfg_fs>, <&sysfw_inner_cert_fs>;
|
|
combined;
|
|
dm-data;
|
|
sysfw-inner-cert;
|
|
keyfile = "custMpk.pem";
|
|
sw-rev = <1>;
|
|
content-sbl = <&u_boot_spl_fs>;
|
|
content-sysfw = <&ti_fs_enc_fs>;
|
|
content-sysfw-data = <&combined_tifs_cfg_fs>;
|
|
content-sysfw-inner-cert = <&sysfw_inner_cert_fs>;
|
|
content-dm-data = <&combined_dm_cfg_fs>;
|
|
load = <0x41c00000>;
|
|
load-sysfw = <0x40000>;
|
|
load-sysfw-data = <0x7f000>;
|
|
load-dm-data = <0x41c80000>;
|
|
};
|
|
u_boot_spl_fs: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_enc_fs: ti-fs-enc.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j7200_sr2-hs-fs-enc.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg_fs: combined-tifs-cfg.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
sysfw_inner_cert_fs: sysfw-inner-cert {
|
|
filename = "ti-sysfw/ti-fs-firmware-j7200_sr2-hs-fs-cert.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_dm_cfg_fs: combined-dm-cfg.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
tiboot3-j7200-gp-evm.bin {
|
|
filename = "tiboot3-j7200-gp-evm.bin";
|
|
symlink = "tiboot3.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl_unsigned>, <&ti_fs_gp>,
|
|
<&combined_tifs_cfg_gp>, <&combined_dm_cfg_gp>;
|
|
combined;
|
|
dm-data;
|
|
content-sbl = <&u_boot_spl_unsigned>;
|
|
load = <0x41c00000>;
|
|
content-sysfw = <&ti_fs_gp>;
|
|
load-sysfw = <0x40000>;
|
|
content-sysfw-data = <&combined_tifs_cfg_gp>;
|
|
load-sysfw-data = <0x7f000>;
|
|
content-dm-data = <&combined_dm_cfg_gp>;
|
|
load-dm-data = <0x41c80000>;
|
|
sw-rev = <1>;
|
|
keyfile = "ti-degenerate-key.pem";
|
|
};
|
|
u_boot_spl_unsigned: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_gp: ti-fs-gp.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j7200-gp.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg_gp: combined-tifs-cfg-gp.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
combined_dm_cfg_gp: combined-dm-cfg-gp.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
};
|
|
};
|
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_TARGET_J7200_A72_EVM
|
|
|
|
#define SPL_J7200_EVM_DTB "spl/dts/k3-j7200-common-proc-board.dtb"
|
|
#define J7200_EVM_DTB "u-boot.dtb"
|
|
|
|
&binman {
|
|
ti-dm {
|
|
filename = "ti-dm.bin";
|
|
blob-ext {
|
|
filename = "ti-dm/j7200/ipc_echo_testb_mcu1_0_release_strip.xer5f";
|
|
};
|
|
};
|
|
ti-spl {
|
|
insert-template = <&ti_spl_template>;
|
|
|
|
fit {
|
|
images {
|
|
atf {
|
|
ti-secure {
|
|
auth-in-place = <0xa02>;
|
|
|
|
firewall-257-0 {
|
|
/* cpu_0_cpu_0_msmc Background Firewall */
|
|
insert-template = <&firewall_bg_1>;
|
|
id = <257>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-257-1 {
|
|
/* cpu_0_cpu_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <257>;
|
|
region = <1>;
|
|
};
|
|
|
|
/* firewall-4760-0 {
|
|
* nb_slv0__mem0 Background Firewall
|
|
* Already configured by the secure entity
|
|
* };
|
|
*/
|
|
|
|
firewall-4760-1 {
|
|
/* nb_slv0__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <4760>;
|
|
region = <1>;
|
|
};
|
|
|
|
/* firewall-4761-0 {
|
|
* nb_slv1__mem0 Background Firewall
|
|
* Already configured by the secure entity
|
|
* };
|
|
*/
|
|
|
|
firewall-4761-1 {
|
|
/* nb_slv1__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <4761>;
|
|
region = <1>;
|
|
};
|
|
};
|
|
};
|
|
|
|
tee {
|
|
ti-secure {
|
|
auth-in-place = <0xa02>;
|
|
|
|
/* cpu_0_cpu_0_msmc region 0 and 1 configured
|
|
* during ATF Firewalling
|
|
*/
|
|
|
|
firewall-257-2 {
|
|
/* cpu_0_cpu_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <257>;
|
|
region = <2>;
|
|
};
|
|
|
|
firewall-4762-0 {
|
|
/* nb_slv2__mem0 Background Firewall - 0 */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <4762>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-4762-1 {
|
|
/* nb_slv2__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <4762>;
|
|
region = <1>;
|
|
};
|
|
|
|
firewall-4763-0 {
|
|
/* nb_slv3__mem0 Background Firewall - 0 */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <4763>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-4763-1 {
|
|
/* nb_slv3__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <4763>;
|
|
region = <1>;
|
|
};
|
|
};
|
|
};
|
|
dm {
|
|
ti-secure {
|
|
content = <&dm>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
dm: ti-dm {
|
|
filename = "ti-dm.bin";
|
|
};
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j7200-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&spl_j7200_evm_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
spl_j7200_evm_dtb: blob-ext {
|
|
filename = SPL_J7200_EVM_DTB;
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j7200-common-proc-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-0";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
u-boot {
|
|
insert-template = <&u_boot_template>;
|
|
|
|
fit {
|
|
images {
|
|
uboot {
|
|
description = "U-Boot for J7200 Board";
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j7200-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&j7200_evm_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
j7200_evm_dtb: blob-ext {
|
|
filename = J7200_EVM_DTB;
|
|
};
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j7200-common-proc-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-0";
|
|
};
|
|
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
ti-spl_unsigned {
|
|
insert-template = <&ti_spl_unsigned_template>;
|
|
|
|
fit {
|
|
images {
|
|
dm {
|
|
ti-dm {
|
|
filename = "ti-dm.bin";
|
|
};
|
|
};
|
|
|
|
fdt-1 {
|
|
description = "k3-j7200-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = SPL_J7200_EVM_DTB;
|
|
};
|
|
};
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-1";
|
|
|
|
conf-1 {
|
|
description = "k3-j7200-common-proc-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-1";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
u-boot_unsigned {
|
|
insert-template = <&u_boot_unsigned_template>;
|
|
|
|
fit {
|
|
images {
|
|
uboot {
|
|
description = "U-Boot for J7200 Board";
|
|
};
|
|
|
|
fdt-1 {
|
|
description = "k3-j7200-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = J7200_EVM_DTB;
|
|
};
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-1";
|
|
|
|
conf-1 {
|
|
description = "k3-j7200-common-proc-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-1";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
#endif
|