[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices

[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices

[Andrew F. Davis]

On HS devices the access to TRNG is restricted on the non-secure
ARM side, disable the node in DT to prevent firewall violations.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/mach-k3/common.c                 | 20 ++++++++++++++++++++
 arch/arm/mach-k3/include/mach/sys_proto.h |  2 ++
 board/ti/am65x/evm.c                      | 15 +++++++++++++--
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
index 3e36d90ace..c16afc654f 100644
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@@ -137,6 +137,26 @@ int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name)
 
 	return 0;
 }
+
+int fdt_disable_node(void *blob, char *node_path)
+{
+	int offs;
+	int ret;
+
+	offs = fdt_path_offset(blob, node_path);
+	if (offs < 0) {
+		debug("Node %s not found.\n", node_path);
+		return 0;
+	}
+	ret = fdt_setprop_string(blob, offs, "status", "disabled");
+	if (ret < 0) {
+		printf("Could not add status property to node %s: %s\n",
+		       node_path, fdt_strerror(ret));
+		return ret;
+	}
+	return 0;
+}
+
 #endif
 
 #ifndef CONFIG_SYSRESET
diff --git a/arch/arm/mach-k3/include/mach/sys_proto.h b/arch/arm/mach-k3/include/mach/sys_proto.h
index 45832b45a1..3c825aa3d1 100644
--- a/arch/arm/mach-k3/include/mach/sys_proto.h
+++ b/arch/arm/mach-k3/include/mach/sys_proto.h
@@ -14,4 +14,6 @@ struct ti_sci_handle *get_ti_sci_handle(void);
 int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name);
 int do_board_detect(void);
 void release_resources_for_core_shutdown(void);
+int fdt_disable_node(void *blob, char *node_path);
+
 #endif
diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
index e01adcd642..ad333ad883 100644
--- a/board/ti/am65x/evm.c
+++ b/board/ti/am65x/evm.c
@@ -96,10 +96,21 @@ int ft_board_setup(void *blob, bd_t *bd)
 	int ret;
 
 	ret = fdt_fixup_msmc_ram(blob, "/interconnect at 100000", "sram at 70000000");
-	if (ret)
+	if (ret) {
 		printf("%s: fixing up msmc ram failed %d\n", __func__, ret);
+		return ret;
+	}
 
-	return ret;
+#if defined(CONFIG_TI_SECURE_DEVICE)
+	/* Make HW RNG reserved for secure world use */
+	ret = fdt_disable_node(blob, "/interconnect at 100000/trng@4e10000");
+	if (ret) {
+		printf("%s: disabling TRGN failed %d\n", __func__, ret);
+		return ret;
+	}
+#endif
+
+	return 0;
 }
 #endif
 
-- 
2.17.1

[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices

[Lokesh Vutla]

On 18/09/19 2:45 AM, Andrew F. Davis wrote:
> On HS devices the access to TRNG is restricted on the non-secure
> ARM side, disable the node in DT to prevent firewall violations.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>

Thanks and regards,
Lokesh

> ---
>  arch/arm/mach-k3/common.c                 | 20 ++++++++++++++++++++
>  arch/arm/mach-k3/include/mach/sys_proto.h |  2 ++
>  board/ti/am65x/evm.c                      | 15 +++++++++++++--
>  3 files changed, 35 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
> index 3e36d90ace..c16afc654f 100644
> --- a/arch/arm/mach-k3/common.c
> +++ b/arch/arm/mach-k3/common.c
> @@ -137,6 +137,26 @@ int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name)
>  
>  	return 0;
>  }
> +
> +int fdt_disable_node(void *blob, char *node_path)
> +{
> +	int offs;
> +	int ret;
> +
> +	offs = fdt_path_offset(blob, node_path);
> +	if (offs < 0) {
> +		debug("Node %s not found.\n", node_path);
> +		return 0;
> +	}
> +	ret = fdt_setprop_string(blob, offs, "status", "disabled");
> +	if (ret < 0) {
> +		printf("Could not add status property to node %s: %s\n",
> +		       node_path, fdt_strerror(ret));
> +		return ret;
> +	}
> +	return 0;
> +}
> +
>  #endif
>  
>  #ifndef CONFIG_SYSRESET
> diff --git a/arch/arm/mach-k3/include/mach/sys_proto.h b/arch/arm/mach-k3/include/mach/sys_proto.h
> index 45832b45a1..3c825aa3d1 100644
> --- a/arch/arm/mach-k3/include/mach/sys_proto.h
> +++ b/arch/arm/mach-k3/include/mach/sys_proto.h
> @@ -14,4 +14,6 @@ struct ti_sci_handle *get_ti_sci_handle(void);
>  int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name);
>  int do_board_detect(void);
>  void release_resources_for_core_shutdown(void);
> +int fdt_disable_node(void *blob, char *node_path);
> +
>  #endif
> diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
> index e01adcd642..ad333ad883 100644
> --- a/board/ti/am65x/evm.c
> +++ b/board/ti/am65x/evm.c
> @@ -96,10 +96,21 @@ int ft_board_setup(void *blob, bd_t *bd)
>  	int ret;
>  
>  	ret = fdt_fixup_msmc_ram(blob, "/interconnect at 100000", "sram at 70000000");
> -	if (ret)
> +	if (ret) {
>  		printf("%s: fixing up msmc ram failed %d\n", __func__, ret);
> +		return ret;
> +	}
>  
> -	return ret;
> +#if defined(CONFIG_TI_SECURE_DEVICE)
> +	/* Make HW RNG reserved for secure world use */
> +	ret = fdt_disable_node(blob, "/interconnect at 100000/trng at 4e10000");
> +	if (ret) {
> +		printf("%s: disabling TRGN failed %d\n", __func__, ret);
> +		return ret;
> +	}
> +#endif
> +
> +	return 0;
>  }
>  #endif
>  
> 

[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices

[Tom Rini]

On Tue, Sep 17, 2019 at 05:15:40PM -0400, Andrew F. Davis wrote:

> On HS devices the access to TRNG is restricted on the non-secure
> ARM side, disable the node in DT to prevent firewall violations.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20191005/0c890339/attachment.sig>