[PATCH v5 0/8] ATF and OP-TEE Firewalling for K3 devices.

Mon, 13 Nov 2023 02:19:23 -0800 

K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices. 

AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle. 
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge. 

Test Logs: https://gist.github.com/manorit2001/c929e6ccab03f55b3828896fbd04184b
CICD Run: https://github.com/u-boot/u-boot/pull/442

Signed-off-by: Manorit Chawdhry <m-chawd...@ti.com>
---
Changes in v5:

* Simon
- Change and improve the error message

- Fix the test case, wasn't working properly previously
- Rebase on top of master
- Link to v4: 
https://lore.kernel.org/r/20231011-binman-firewalling-v4-0-a08085d30...@ti.com

---
Manorit Chawdhry (8):
      binman: ti-secure: Add support for firewalling entities
      binman: ftest: Add test for ti-secure firewall node
      binman: k3: Add k3-security.h and include it in k3-binman.dtsi
      binman: j721e: Add firewall configurations
      binman: j721s2: Add firewall configurations
      binman: j7200: Add firewall configurations
      docs: k3: Cleanup FIT signature documentation
      docs: k3: Add secure booting documentation

 arch/arm/dts/k3-binman.dtsi                        |   2 +
 arch/arm/dts/k3-j7200-binman.dtsi                  | 143 ++++++++++
 arch/arm/dts/k3-j721e-binman.dtsi                  | 187 ++++++++++++
 arch/arm/dts/k3-j721s2-binman.dtsi                 | 208 ++++++++++++++
 arch/arm/dts/k3-security.h                         |  58 ++++
 doc/board/ti/k3.rst                                | 315 ++++++++++++++-------
 tools/binman/btool/openssl.py                      |  16 +-
 tools/binman/etype/ti_secure.py                    |  95 +++++++
 tools/binman/etype/x509_cert.py                    |   4 +-
 tools/binman/ftest.py                              |  23 ++
 tools/binman/test/319_ti_secure_firewall.dts       |  28 ++
 .../320_ti_secure_firewall_missing_property.dts    |  28 ++
 12 files changed, 1005 insertions(+), 102 deletions(-)
---
base-commit: 17e9db18f17b6cad278694d4a61df95e96bdf4f5
change-id: 20230724-binman-firewalling-65ecdb23ec0a

Best regards,
-- 
Manorit Chawdhry <m-chawd...@ti.com>

Reply via email to