Hi Jonas,
On 1/8/26 2:32 PM, Jonas Karlman wrote:
The firewall block access to pmu sram for non-secure masters by default
after reset (0xffffbfff).
Change the pmu lookup configuration to match the default lookup config
for ddr and system sram (0xffff3fff) to allow loading TF-A using DMA.
What is this "default" lookup config and where does it come from? You
say it's 0xffffbfff after reset and it's set to something different
after a TF-A has configured the firewall... Is it after a cold boot?
That somehow is different than a warm reset maybe?
Mainline TF-A will re-configure the firewall to use an even less
restrictive lookup (0xbffe3ff0), so this change is not expected to have
[1][2]
any real security implication.
[1]
https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/rockchip/rk3576/drivers/secure/firewall.c#L522C36-L522C46
[2]
https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/rockchip/rk3576/drivers/secure/firewall.c#L611-L613
For the proof :)
Signed-off-by: Jonas Karlman <[email protected]>
---
arch/arm/mach-rockchip/rk3576/rk3576.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/mach-rockchip/rk3576/rk3576.c
b/arch/arm/mach-rockchip/rk3576/rk3576.c
index a1e8a7572fa4..c17ba418ced5 100644
--- a/arch/arm/mach-rockchip/rk3576/rk3576.c
+++ b/arch/arm/mach-rockchip/rk3576/rk3576.c
@@ -26,6 +26,9 @@
#define SYS_SGRF_SOC_CON15 0x005C
#define SYS_SGRF_SOC_CON20 0x0070
+#define FW_PMU1SGRF_BASE 0x26003000
+#define PMU1SGRF_SLV_LOOKUP0 0x80
+
How about using the same names as in TF-A?
PMU1SGRF_FW_BASE instead of FW_PMU1SGRF_BASE and
FW_PMU_SGRF_SLV_LOOKUP(x) instead of PMU1SGRF_SLV_LOOKUP0?
I cannot test this as I don't have an RK3576 board but it looks ok to me.
Cheers,
Quentin
