From: Suhaas Joshi <s-joshi@ti.com>
Date: Tue, 27 Jan 2026 08:16:51 +0000 (+0530)
Subject: arm: dts: k3-am64x-binman: Configure firewall for ATF/OPTEE
X-Git-Tag: v2026.04-rc2~9^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31d5d1b378b204f2743e317c44496a3869d0a83c;p=thirdparty%2Fu-boot.git

arm: dts: k3-am64x-binman: Configure firewall for ATF/OPTEE

Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in AM64x.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---

diff --git a/arch/arm/dts/k3-am64x-binman.dtsi b/arch/arm/dts/k3-am64x-binman.dtsi
index 32e47a3f688..f3c7f2c939d 100644
--- a/arch/arm/dts/k3-am64x-binman.dtsi
+++ b/arch/arm/dts/k3-am64x-binman.dtsi
@@ -139,6 +139,37 @@
 			#address-cells = <1>;
 
 			images {
+				atf {
+					ti-secure {
+						auth-in-place = <0xa02>;
+
+						firewall-24-5 {
+							insert-template = <&firewall_armv8_atf_fg>;
+							id = <24>;
+							region = <5>;
+						};
+					};
+				};
+
+				tee {
+					ti-secure {
+						auth-in-place = <0xa02>;
+
+						firewall-1-0 {
+							insert-template = <&firewall_bg_3>;
+							id = <1>;
+							region = <0>;
+						};
+
+
+						firewall-1-1 {
+							insert-template = <&firewall_armv8_optee_fg>;
+							id = <1>;
+							region = <1>;
+						};
+					};
+				};
+
 				dm {
 					blob-ext {
 						filename = "/dev/null";