mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-04 10:30:32 +00:00
b8dea0c85e
The following commits adds the configuration of firewalls required to protect ATF and OP-TEE memory region from non-secure reads and writes using master and slave firewalls present in our K3 SOCs. Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
524 lines
11 KiB
Text
524 lines
11 KiB
Text
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (C) 2022-2023 Texas Instruments Incorporated - https://www.ti.com/
|
|
*/
|
|
|
|
#include "k3-binman.dtsi"
|
|
|
|
#ifdef CONFIG_TARGET_J721S2_R5_EVM
|
|
|
|
&binman {
|
|
tiboot3-j721s2-hs-evm.bin {
|
|
filename = "tiboot3-j721s2-hs-evm.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl>, <&ti_fs_enc>, <&combined_tifs_cfg>,
|
|
<&combined_dm_cfg>, <&sysfw_inner_cert>;
|
|
combined;
|
|
dm-data;
|
|
sysfw-inner-cert;
|
|
keyfile = "custMpk.pem";
|
|
sw-rev = <1>;
|
|
content-sbl = <&u_boot_spl>;
|
|
content-sysfw = <&ti_fs_enc>;
|
|
content-sysfw-data = <&combined_tifs_cfg>;
|
|
content-sysfw-inner-cert = <&sysfw_inner_cert>;
|
|
content-dm-data = <&combined_dm_cfg>;
|
|
load = <0x41c00000>;
|
|
load-sysfw = <0x40000>;
|
|
load-sysfw-data = <0x67000>;
|
|
load-dm-data = <0x41c80000>;
|
|
};
|
|
u_boot_spl: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_enc: ti-fs-enc.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j721s2-hs-enc.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg: combined-tifs-cfg.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
sysfw_inner_cert: sysfw-inner-cert {
|
|
filename = "ti-sysfw/ti-fs-firmware-j721s2-hs-cert.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_dm_cfg: combined-dm-cfg.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
tiboot3-j721s2-hs-fs-evm.bin {
|
|
filename = "tiboot3-j721s2-hs-fs-evm.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl_fs>, <&ti_fs_enc_fs>, <&combined_tifs_cfg_fs>,
|
|
<&combined_dm_cfg_fs>, <&sysfw_inner_cert_fs>;
|
|
combined;
|
|
dm-data;
|
|
sysfw-inner-cert;
|
|
keyfile = "custMpk.pem";
|
|
sw-rev = <1>;
|
|
content-sbl = <&u_boot_spl_fs>;
|
|
content-sysfw = <&ti_fs_enc_fs>;
|
|
content-sysfw-data = <&combined_tifs_cfg_fs>;
|
|
content-sysfw-inner-cert = <&sysfw_inner_cert_fs>;
|
|
content-dm-data = <&combined_dm_cfg_fs>;
|
|
load = <0x41c00000>;
|
|
load-sysfw = <0x40000>;
|
|
load-sysfw-data = <0x67000>;
|
|
load-dm-data = <0x41c80000>;
|
|
};
|
|
u_boot_spl_fs: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_enc_fs: ti-fs-enc.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j721s2-hs-fs-enc.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg_fs: combined-tifs-cfg.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
sysfw_inner_cert_fs: sysfw-inner-cert {
|
|
filename = "ti-sysfw/ti-fs-firmware-j721s2-hs-fs-cert.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_dm_cfg_fs: combined-dm-cfg.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
tiboot3-j721s2-gp-evm.bin {
|
|
filename = "tiboot3-j721s2-gp-evm.bin";
|
|
symlink = "tiboot3.bin";
|
|
ti-secure-rom {
|
|
content = <&u_boot_spl_unsigned>, <&ti_fs_gp>,
|
|
<&combined_tifs_cfg_gp>, <&combined_dm_cfg_gp>;
|
|
combined;
|
|
dm-data;
|
|
content-sbl = <&u_boot_spl_unsigned>;
|
|
load = <0x41c00000>;
|
|
content-sysfw = <&ti_fs_gp>;
|
|
load-sysfw = <0x40000>;
|
|
content-sysfw-data = <&combined_tifs_cfg_gp>;
|
|
load-sysfw-data = <0x67000>;
|
|
content-dm-data = <&combined_dm_cfg_gp>;
|
|
load-dm-data = <0x41c80000>;
|
|
sw-rev = <1>;
|
|
keyfile = "ti-degenerate-key.pem";
|
|
};
|
|
u_boot_spl_unsigned: u-boot-spl {
|
|
no-expanded;
|
|
};
|
|
ti_fs_gp: ti-fs-gp.bin {
|
|
filename = "ti-sysfw/ti-fs-firmware-j721s2-gp.bin";
|
|
type = "blob-ext";
|
|
optional;
|
|
};
|
|
combined_tifs_cfg_gp: combined-tifs-cfg-gp.bin {
|
|
filename = "combined-tifs-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
combined_dm_cfg_gp: combined-dm-cfg-gp.bin {
|
|
filename = "combined-dm-cfg.bin";
|
|
type = "blob-ext";
|
|
};
|
|
|
|
};
|
|
};
|
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_TARGET_J721S2_A72_EVM
|
|
|
|
#define SPL_J721S2_EVM_DTB "spl/dts/k3-j721s2-common-proc-board.dtb"
|
|
#define SPL_AM68_SK_DTB "spl/dts/k3-am68-sk-base-board.dtb"
|
|
|
|
#define J721S2_EVM_DTB "u-boot.dtb"
|
|
#define AM68_SK_DTB "arch/arm/dts/k3-am68-sk-base-board.dtb"
|
|
|
|
&binman {
|
|
ti-dm {
|
|
filename = "ti-dm.bin";
|
|
blob-ext {
|
|
filename = "ti-dm/j721s2/ipc_echo_testb_mcu1_0_release_strip.xer5f";
|
|
};
|
|
};
|
|
ti-spl {
|
|
insert-template = <&ti_spl_template>;
|
|
|
|
fit {
|
|
images {
|
|
atf {
|
|
ti-secure {
|
|
auth-in-place = <0xa02>;
|
|
|
|
firewall-257-0 {
|
|
/* cpu_0_cpu_0_msmc Background Firewall */
|
|
insert-template = <&firewall_bg_1>;
|
|
id = <257>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-257-1 {
|
|
/* cpu_0_cpu_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <257>;
|
|
region = <1>;
|
|
};
|
|
|
|
firewall-284-0 {
|
|
/* dru_0_msmc Background Firewall */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <284>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-284-1 {
|
|
/* dru_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <284>;
|
|
region = <1>;
|
|
};
|
|
|
|
/* firewall-5140-0 {
|
|
* nb_slv0__mem0 Background Firewall
|
|
* Already configured by the secure entity
|
|
* };
|
|
*/
|
|
|
|
firewall-5140-1 {
|
|
/* nb_slv0__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <5140>;
|
|
region = <1>;
|
|
};
|
|
|
|
/* firewall-5140-0 {
|
|
* nb_slv1__mem0 Background Firewall
|
|
* Already configured by the secure entity
|
|
* };
|
|
*/
|
|
|
|
firewall-5141-1 {
|
|
/* nb_slv1__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_atf_fg>;
|
|
id = <5141>;
|
|
region = <1>;
|
|
};
|
|
|
|
};
|
|
};
|
|
|
|
tee {
|
|
ti-secure {
|
|
auth-in-place = <0xa02>;
|
|
|
|
firewall-257-2 {
|
|
/* cpu_0_cpu_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <257>;
|
|
region = <2>;
|
|
};
|
|
|
|
firewall-284-2 {
|
|
/* dru_0_msmc Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <284>;
|
|
region = <2>;
|
|
};
|
|
|
|
firewall-5142-0 {
|
|
/* nb_slv2__mem0 Background Firewall - 0 */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <5142>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-5142-1 {
|
|
/* nb_slv2__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <5142>;
|
|
region = <1>;
|
|
};
|
|
|
|
firewall-5143-0 {
|
|
/* nb_slv3__mem0 Background Firewall - 0 */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <5143>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-5143-1 {
|
|
/* nb_slv3__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <5143>;
|
|
region = <1>;
|
|
};
|
|
|
|
firewall-5144-0 {
|
|
/* nb_slv4__mem0 Background Firewall - 0 */
|
|
insert-template = <&firewall_bg_3>;
|
|
id = <5144>;
|
|
region = <0>;
|
|
};
|
|
|
|
firewall-5144-1 {
|
|
/* nb_slv4__mem0 Foreground Firewall */
|
|
insert-template = <&firewall_armv8_optee_fg>;
|
|
id = <5144>;
|
|
region = <1>;
|
|
};
|
|
|
|
};
|
|
};
|
|
dm {
|
|
ti-secure {
|
|
content = <&dm>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
dm: ti-dm {
|
|
filename = "ti-dm.bin";
|
|
};
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&spl_j721s2_evm_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
spl_j721s2_evm_dtb: blob-ext {
|
|
filename = SPL_J721S2_EVM_DTB;
|
|
};
|
|
|
|
};
|
|
|
|
fdt-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&spl_am68_sk_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
spl_am68_sk_dtb: blob-ext {
|
|
filename = SPL_AM68_SK_DTB;
|
|
};
|
|
};
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-0";
|
|
};
|
|
|
|
conf-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-1";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
u-boot {
|
|
insert-template = <&u_boot_template>;
|
|
|
|
fit {
|
|
images {
|
|
uboot {
|
|
description = "U-Boot for J721S2 Board";
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&j721s2_evm_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
j721s2_evm_dtb: blob-ext {
|
|
filename = J721S2_EVM_DTB;
|
|
};
|
|
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
|
|
fdt-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
ti-secure {
|
|
content = <&am68_sk_dtb>;
|
|
keyfile = "custMpk.pem";
|
|
};
|
|
am68_sk_dtb: blob-ext {
|
|
filename = AM68_SK_DTB;
|
|
};
|
|
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-0";
|
|
};
|
|
conf-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-1";
|
|
};
|
|
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
ti-spl_unsigned {
|
|
insert-template = <&ti_spl_unsigned_template>;
|
|
|
|
fit {
|
|
images {
|
|
dm {
|
|
ti-dm {
|
|
filename = "ti-dm.bin";
|
|
};
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = SPL_J721S2_EVM_DTB;
|
|
};
|
|
};
|
|
fdt-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = SPL_AM68_SK_DTB;
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-0";
|
|
};
|
|
conf-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
firmware = "atf";
|
|
loadables = "tee", "dm", "spl";
|
|
fdt = "fdt-1";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
&binman {
|
|
u-boot_unsigned {
|
|
insert-template = <&u_boot_unsigned_template>;
|
|
|
|
fit {
|
|
images {
|
|
uboot {
|
|
description = "U-Boot for J721S2 Board";
|
|
};
|
|
|
|
fdt-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = J721S2_EVM_DTB;
|
|
};
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
fdt-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
type = "flat_dt";
|
|
arch = "arm";
|
|
compression = "none";
|
|
blob {
|
|
filename = AM68_SK_DTB;
|
|
};
|
|
hash {
|
|
algo = "crc32";
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
configurations {
|
|
default = "conf-0";
|
|
|
|
conf-0 {
|
|
description = "k3-j721s2-common-proc-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-0";
|
|
};
|
|
conf-1 {
|
|
description = "k3-am68-sk-base-board";
|
|
firmware = "uboot";
|
|
loadables = "uboot";
|
|
fdt = "fdt-1";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
#endif
|