arm: dts: k3-am642-phycore-binman: Configure firewall for ATF/OPTEE

Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure read's and write's in Phycore AM64 SOM.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>

diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
index 966905bd64db98742eb131b7d3eeb5a51ca14889..07cb79fd04a30a050dd061e94ae0c00bc31c06cc 100644 (file)
--- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
@@ -141,6 +141,37 @@
                        #address-cells = <1>;
 
                        images {
+                               atf {
+                                       ti-secure {
+                                               auth-in-place = <0xa02>;
+
+                                               firewall-24-5 {
+                                                       insert-template = <&firewall_armv8_atf_fg>;
+                                                       id = <24>;
+                                                       region = <5>;
+                                               };
+                                       };
+                               };
+
+                               tee {
+                                       ti-secure {
+                                               auth-in-place = <0xa02>;
+
+                                               firewall-1-0 {
+                                                       insert-template = <&firewall_bg_3>;
+                                                       id = <1>;
+                                                       region = <0>;
+                                               };
+
+
+                                               firewall-1-1 {
+                                                       insert-template = <&firewall_armv8_optee_fg>;
+                                                       id = <1>;
+                                                       region = <1>;
+                                               };
+                                       };
+                               };
+
                                dm {
                                        blob-ext {
                                                filename = "/dev/null";