Re: [RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.
Hi Andrew,

On 09:25-20230926, Andrew Davis wrote:
> On 9/26/23 2:58 AM, Manorit Chawdhry wrote:
> > K3 devices have firewalls that are used to prevent illegal accesses to
> > memory regions that are deemed secure. The series prevents the illegal
> > accesses to ATF and OP-TEE regions that are present in different K3
> > devices.
> >
> > AM62AX and AM64X are currently in hold due to some firewall
> > configurations that our System Controller (TIFS) needs to handle.
> >
> > Signed-off-by: Manorit Chawdhry
> > ---
>
> You have mixed tabs and spaces in the .dtsi patches.

Thanks for this, would be sending a v3 with the fixes.

Regards,
Manorit

>
> Andrew
>
> > Changes in v2:
> >
> > Andrew:
> > - Make the firewall DTS more readable with CONSTANTS
> >
> > Neha:
> > - Move GetHexOctet to dtoc for common usage
> > - Update the documentation in ti-secure
> > - s/indentifier/identifier/
> > - Add firewall binman test
> >
> > - Remove slave firewall multiple background regions
> >   ( Single firewall region works fine )
> > - Add a check in the subnodes to check for the node.name 'firewall'
> > - Change firewall indexing with id and region number so that it is easy
> >   to purge out firewalls and we don't need to redo the numbering.
> > - Add information for all the firewalls.
> >
> > - Link to v1:
> >   https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bf...@ti.com/
> >
> > ---
> > Manorit Chawdhry (8):
> >       dtoc: openssl: Add GetHexOctet method
> >       binman: ti-secure: Add support for firewalling entities
> >       binman: ftest: Add test for ti-secure firewall node
> >       binman: k3: add k3-security.h and include it in k3-binman.dtsi
> >       binman: j721e: Add firewall configurations for atf
> >       binman: am62x: Add firewalling configurations
> >       binman: j721s2: Add firewall configurations
> >       binman: j7200: Add firewall configurations
> >
> >  arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++
> >  arch/arm/dts/k3-binman.dtsi                  |   2 +
> >  arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++
> >  arch/arm/dts/k3-j721e-binman.dtsi            | 183
> >  arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++
> >  arch/arm/dts/k3-security.h                   |  58
> >  tools/binman/btool/openssl.py                |  16 ++-
> >  tools/binman/etype/ti_secure.py              |  85 +++
> >  tools/binman/etype/x509_cert.py              |   3 +-
> >  tools/binman/ftest.py                        |  12 ++
> >  tools/binman/test/311_ti_secure_firewall.dts |  28
> >  tools/dtoc/fdt_util.py                       |  20 +++
> >  12 files changed, 796 insertions(+), 3 deletions(-)
> > ---
> > base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
> > change-id: 20230724-binman-firewalling-65ecdb23ec0a
> >
> > Best regards,
Re: [RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.
On 9/26/23 2:58 AM, Manorit Chawdhry wrote:
> K3 devices have firewalls that are used to prevent illegal accesses to
> memory regions that are deemed secure. The series prevents the illegal
> accesses to ATF and OP-TEE regions that are present in different K3
> devices.
>
> AM62AX and AM64X are currently in hold due to some firewall
> configurations that our System Controller (TIFS) needs to handle.
>
> Signed-off-by: Manorit Chawdhry
> ---

You have mixed tabs and spaces in the .dtsi patches.

Andrew

> Changes in v2:
>
> Andrew:
> - Make the firewall DTS more readable with CONSTANTS
>
> Neha:
> - Move GetHexOctet to dtoc for common usage
> - Update the documentation in ti-secure
> - s/indentifier/identifier/
> - Add firewall binman test
>
> - Remove slave firewall multiple background regions
>   ( Single firewall region works fine )
> - Add a check in the subnodes to check for the node.name 'firewall'
> - Change firewall indexing with id and region number so that it is easy
>   to purge out firewalls and we don't need to redo the numbering.
> - Add information for all the firewalls.
>
> - Link to v1:
>   https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bf...@ti.com/
>
> ---
> Manorit Chawdhry (8):
>       dtoc: openssl: Add GetHexOctet method
>       binman: ti-secure: Add support for firewalling entities
>       binman: ftest: Add test for ti-secure firewall node
>       binman: k3: add k3-security.h and include it in k3-binman.dtsi
>       binman: j721e: Add firewall configurations for atf
>       binman: am62x: Add firewalling configurations
>       binman: j721s2: Add firewall configurations
>       binman: j7200: Add firewall configurations
>
>  arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++
>  arch/arm/dts/k3-binman.dtsi                  |   2 +
>  arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++
>  arch/arm/dts/k3-j721e-binman.dtsi            | 183
>  arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++
>  arch/arm/dts/k3-security.h                   |  58
>  tools/binman/btool/openssl.py                |  16 ++-
>  tools/binman/etype/ti_secure.py              |  85 +++
>  tools/binman/etype/x509_cert.py              |   3 +-
>  tools/binman/ftest.py                        |  12 ++
>  tools/binman/test/311_ti_secure_firewall.dts |  28
>  tools/dtoc/fdt_util.py                       |  20 +++
>  12 files changed, 796 insertions(+), 3 deletions(-)
> ---
> base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
> change-id: 20230724-binman-firewalling-65ecdb23ec0a
>
> Best regards,
[RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.

AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.

Signed-off-by: Manorit Chawdhry
---
Changes in v2:

Andrew:
- Make the firewall DTS more readable with CONSTANTS

Neha:
- Move GetHexOctet to dtoc for common usage
- Update the documentation in ti-secure
- s/indentifier/identifier/
- Add firewall binman test

- Remove slave firewall multiple background regions
  ( Single firewall region works fine )
- Add a check in the subnodes to check for the node.name 'firewall'
- Change firewall indexing with id and region number so that it is easy
  to purge out firewalls and we don't need to redo the numbering.
- Add information for all the firewalls.

- Link to v1:
  https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bf...@ti.com/

---
Manorit Chawdhry (8):
      dtoc: openssl: Add GetHexOctet method
      binman: ti-secure: Add support for firewalling entities
      binman: ftest: Add test for ti-secure firewall node
      binman: k3: add k3-security.h and include it in k3-binman.dtsi
      binman: j721e: Add firewall configurations for atf
      binman: am62x: Add firewalling configurations
      binman: j721s2: Add firewall configurations
      binman: j7200: Add firewall configurations

 arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++
 arch/arm/dts/k3-binman.dtsi                  |   2 +
 arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++
 arch/arm/dts/k3-j721e-binman.dtsi            | 183
 arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++
 arch/arm/dts/k3-security.h                   |  58
 tools/binman/btool/openssl.py                |  16 ++-
 tools/binman/etype/ti_secure.py              |  85 +++
 tools/binman/etype/x509_cert.py              |   3 +-
 tools/binman/ftest.py                        |  12 ++
 tools/binman/test/311_ti_secure_firewall.dts |  28
 tools/dtoc/fdt_util.py                       |  20 +++
 12 files changed, 796 insertions(+), 3 deletions(-)
---
base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
change-id: 20230724-binman-firewalling-65ecdb23ec0a

Best regards,
-- 
Manorit Chawdhry