mbox series

[0/5] add support for hs bootflows to am62a

Message ID 20221224011525.4696-1-bb@ti.com
Headers show
Series add support for hs bootflows to am62a | expand

Message

Bryan Brattlof Dec. 24, 2022, 1:15 a.m. UTC 
Hello everyone!

Texas Instruments has started to enable security settings inside all the
boot ROM and TIFS firmware in all of their SoCs. One of the few changes
this brings is ROM and TIFS will now begin protecting the RAM regions
they're using with firewalls.

This means the wakeup domain's SPL will need to move the stack and heap
to HSM RAM to ensure it stays within its allotted memory regions as well
as move the needed boot information to the main domain's bootloaders that
will no longer have access to HSM RAM.

We will also need to edit the bootcmd to pull in the kernel and dtb's
fitImage if uboot is enforcing the high security bootflow. While we're
editing this bootcmd, we can also take the opportunity to convert it to
a distro_bootcmd macro.

Thanks for reviewing!
~Bryan

Bryan Brattlof (5):
  configs: restrict am62ax wakup SPL size
  configs: am62a: move stack and heap to HSM RAM
  arm: mach-k3: copy bootindex to OCRAM for main domain SPL
  configs: am62a: convert bootcmd to distro_bootcmd
  configs: am62a: use kernel fitImage when using secure bootflow

 arch/arm/mach-k3/Kconfig                      |  4 ++-
 arch/arm/mach-k3/am62a7_init.c                | 16 +++++++--
 .../arm/mach-k3/include/mach/am62a_hardware.h | 17 +++++++++-
 configs/am62ax_evm_a53_defconfig              |  1 -
 configs/am62ax_evm_r5_defconfig               | 15 +++++---
 include/configs/am62ax_evm.h                  | 34 +++++++++++++++++--
 6 files changed, 74 insertions(+), 13 deletions(-)


base-commit: 52d91e1c20b399ddab276e2c03e5788ed5e5fdd2

Comments

Kamlesh Gurudasani Dec. 29, 2022, 9:14 a.m. UTC | #1 
Bryan Brattlof <bb@ti.com> writes:

> Hello everyone!
>
> Texas Instruments has started to enable security settings inside all the
> boot ROM and TIFS firmware in all of their SoCs. One of the few changes
> this brings is ROM and TIFS will now begin protecting the RAM regions
> they're using with firewalls.
>
> This means the wakeup domain's SPL will need to move the stack and heap
> to HSM RAM to ensure it stays within its allotted memory regions as well
> as move the needed boot information to the main domain's bootloaders that
> will no longer have access to HSM RAM.
>
> We will also need to edit the bootcmd to pull in the kernel and dtb's
> fitImage if uboot is enforcing the high security bootflow. While we're
> editing this bootcmd, we can also take the opportunity to convert it to
> a distro_bootcmd macro.
>
> Thanks for reviewing!
> ~Bryan
>
> Bryan Brattlof (5):
>   configs: restrict am62ax wakup SPL size
>   configs: am62a: move stack and heap to HSM RAM
>   arm: mach-k3: copy bootindex to OCRAM for main domain SPL
>   configs: am62a: convert bootcmd to distro_bootcmd
>   configs: am62a: use kernel fitImage when using secure bootflow
>
>  arch/arm/mach-k3/Kconfig                      |  4 ++-
>  arch/arm/mach-k3/am62a7_init.c                | 16 +++++++--
>  .../arm/mach-k3/include/mach/am62a_hardware.h | 17 +++++++++-
>  configs/am62ax_evm_a53_defconfig              |  1 -
>  configs/am62ax_evm_r5_defconfig               | 15 +++++---
>  include/configs/am62ax_evm.h                  | 34 +++++++++++++++++--
>  6 files changed, 74 insertions(+), 13 deletions(-)
>
>
> base-commit: 52d91e1c20b399ddab276e2c03e5788ed5e5fdd2
> -- 
> 2.39.0

All patches look good to me.

Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>

Thanks