Hello Jonas, I noticed your recent work on the RK3506. I've been working on replacing the closed `rk3506_tee` blob on an RK3506B (Luckfox Lyra Ultra) with an upstream from-source OP-TEE build & made some decent progress but one part that I'm stuck on is DDR firewall (FW_DDR, base `0xff5f0000`) locking the secure DRAM region against the non-secure CPU master. I believe you skipped the secure world element but I wonder would you have any ideas?
So far I can: - program the region-map + CON + per-master (MST) registers and can read them back, - reproduce the exact register/value/ordering sequence that the vendor secure firmware uses. I've verified - With the same idbloader/SPL (mainline-style U-Boot `arch_cpu_init`, which only does the MST grants), the vendor TEE enforces but my OP-TEE does not, NS still reads/writes the region. - The SGRF slave-security set is identical between the two. So there appears to be a precondition outside the FW_DDR register block that is set by the vendor secure firmware's broader init that makes region checks actually apply to the A7 NS master. If you or anyone has any pointers to the FW_DDR register summary or how to set this it would be gratefully appreciated! Regards, Owen
