| #
a77efb6b |
| 02-Mar-2026 |
Lauren Wehrmeister <lauren.wehrmeister@arm.com> |
Merge changes from topic "dev/rk3568-ddr-fw" into integration
* changes:
feat(rk3568): protect TF-As memory area with the DDR firewall
feat(rk3568): bring DDR firewall naming in line
feat(rk35
Merge changes from topic "dev/rk3568-ddr-fw" into integration
* changes:
feat(rk3568): protect TF-As memory area with the DDR firewall
feat(rk3568): bring DDR firewall naming in line
feat(rk3568): move existing secure init to separate files
fix(rockchip): fix comment and value about TZRAM_SIZE
show more ...
|
| #
1248db70 |
| 12-Sep-2025 |
Heiko Stuebner <heiko@sntech.de> |
feat(rk3568): protect TF-As memory area with the DDR firewall
Similar to most (all?) other Rockchip SoCs, the RK3568 also has a DDR
firewall to restrict memory regions to secure usage.
The original
feat(rk3568): protect TF-As memory area with the DDR firewall
Similar to most (all?) other Rockchip SoCs, the RK3568 also has a DDR
firewall to restrict memory regions to secure usage.
The original submission didn't protect the TF-A's memory region, so
implement this now with knowledge gained from comments in the OPTEE
pull-request for the rk356x [0].
Contrary to other SoCs like RK3576 and RK3588, the RK3568 memory
regions are managed in blocks of 128KB, not blocks of 1MB size.
With the registers having 16bit for upper and lower block id, this then
can completely fill the 8GB max ram size the RK356x supports.
The whole behaviour was tested with a number of reads from main u-boot.
With the current config of protecting everything in the first MB of memory,
doing any reads before the 1MB border will trigger the expected
"Synchronous Abort" and restart.
So doing
=> md 0x100000 4
will succeed, but reading anything before this will trigger the Abort.
[0] https://github.com/OP-TEE/optee_os/pull/6954#issuecomment-3041255974
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Diederik de Haas <diederik@cknow-tech.com>
Change-Id: I6c75ab2813566e727e46cea86dd229625a64dd3f
show more ...
|
| #
5e4a490d |
| 10-Sep-2025 |
Heiko Stuebner <heiko@sntech.de> |
feat(rk3568): bring DDR firewall naming in line
The TRM declares that region as FIREWALL_DDR, so name the memory region
accordingly in TF-A and also remove the double FW_DDR + _REG addon from
the on
feat(rk3568): bring DDR firewall naming in line
The TRM declares that region as FIREWALL_DDR, so name the memory region
accordingly in TF-A and also remove the double FW_DDR + _REG addon from
the one known register.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: Ic098baa13b5c0b4cf339905030ee7d777bcbda34
show more ...
|
| #
1dc8eb91 |
| 10-Sep-2025 |
Heiko Stuebner <heiko@sntech.de> |
feat(rk3568): move existing secure init to separate files
Move the existing secure_timer_init() and sgrf_init() to a separate
file similar to the other Rockchip platforms.
This allows us to add add
feat(rk3568): move existing secure init to separate files
Move the existing secure_timer_init() and sgrf_init() to a separate
file similar to the other Rockchip platforms.
This allows us to add additional secure init later on.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: I1151abed77d68b3730d505c547919e60415e3951
show more ...
|