From: Marco Felsch <m.felsch@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: BAREBOX <barebox@lists.infradead.org>,
Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: Re: [PATCH 08/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_is_bypassed()
Date: Fri, 27 Jun 2025 19:42:50 +0200 [thread overview]
Message-ID: <20250627174250.22gge4iigoje2fzr@pengutronix.de> (raw)
In-Reply-To: <aF7URhGJp73oFfmw@pengutronix.de>
On 25-06-27, Sascha Hauer wrote:
> On Fri, Jun 27, 2025 at 05:57:23PM +0200, Marco Felsch wrote:
> > On 25-06-27, Sascha Hauer wrote:
> > > From: Marco Felsch <m.felsch@pengutronix.de>
> > >
> > > The TZASC_BYP bits in the IOMUX GPR offer a great way to shoot yourself
> > > in the foot. These bits are cleared by default and with these bits
> > > cleared the TZASC will never check DDR transactions. The TZASC can be
> > > configured normally with the bits cleared, it just doesn't work and all
> > > secure regions can be accessed by the normal worls. These
> > > bits can only be set in the DCD table, trying to set them in code will
> > > make the system hang. As the DCD tables are board specific it's easy to
> >
> > I think this is not entirely true. At least the i.MX6 TRM says, that any
> > DDR access must be done before the TZASC is turned on.
> >
> > Since most i.MX6/7 boards do use the DCD RAM setup and tell the BootROM
> > to load the barebox(-pbl) directly into RAM, we can enable it only from
> > DCD. But it should still be possible to enable it within the code, like
> > we do for i.MX8M. This only requires that the barebox-pbl is loaded into
> > internal OCRAM which is the rare case for i.MX6/7 boards.
>
> So you mean that the bypass bit has to be set before the DDR controller
> is initialized which requires us to put it into the DCD table when we
> initialize the DDR controller in DCD?
I think that the DRAM controller can be initialized before the TZASC is
enabled, e.g. the DCD DRAM initialization can happen before the DCD
TZASC enable. At least the Webasto and the TQMA6ULX is doing it that
way.
What needs to be ensured is, that no DRAM access is in process once we
enable the TZASC. Best solution to do that is using the SoC eFuse, the
DCD or the barebox-pbl if executed from OCRAM.
> Well, that makes more sense to me. I'll adjust the commit message
> accordingly.
Thanks, with that adapted:
Reviewed-by: Marco Felsch <m.felsch@pengutronix.de>
next prev parent reply other threads:[~2025-06-27 19:05 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-27 14:07 [PATCH 00/14] i.MX6 TZASC and OP-TEE early helpers Sascha Hauer
2025-06-27 14:07 ` [PATCH 01/14] pbl: add panic_no_stacktrace() Sascha Hauer
2025-06-27 14:07 ` [PATCH 02/14] arch: Allow data_abort_mask() in PBL Sascha Hauer
2025-06-27 14:07 ` [PATCH 03/14] ARM: add exception handling support for PBL Sascha Hauer
2025-06-27 15:30 ` Ahmad Fatoum
2025-06-27 15:45 ` Marco Felsch
2025-06-27 17:22 ` Sascha Hauer
2025-06-27 17:46 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 04/14] ARM: i.MX6QDL: add imxcfg helper to configure the TZASC1/2 Sascha Hauer
2025-06-27 14:07 ` [PATCH 05/14] ARM: i.MX6Q: add imx6_get_mmdc_sdram_size Sascha Hauer
2025-06-27 14:07 ` [PATCH 06/14] ARM: mach-imx: tzasc: add region configure helpers Sascha Hauer
2025-06-27 14:07 ` [PATCH 07/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_early_ns_region1() Sascha Hauer
2025-06-27 14:07 ` [PATCH 08/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_is_bypassed() Sascha Hauer
2025-06-27 15:57 ` Marco Felsch
2025-06-27 17:26 ` Sascha Hauer
2025-06-27 17:42 ` Marco Felsch [this message]
2025-06-27 14:07 ` [PATCH 09/14] ARM: i.MX: add imx6_can_access_tzasc() Sascha Hauer
2025-06-27 15:33 ` Ahmad Fatoum
2025-06-27 17:39 ` Sascha Hauer
2025-06-27 16:04 ` Marco Felsch
2025-06-27 17:48 ` Sascha Hauer
2025-06-27 17:54 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 10/14] ARM: optee-early: add mx6_start_optee_early helper Sascha Hauer
2025-06-27 15:38 ` Ahmad Fatoum
2025-06-27 14:07 ` [PATCH 11/14] ARM: i.MX: tqma6ulx: fix barebox chainloading with OP-TEE enabled Sascha Hauer
2025-06-27 15:39 ` Ahmad Fatoum
2025-06-27 16:08 ` Marco Felsch
2025-06-27 16:10 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 12/14] ARM: i.MX: Webasto ccbv2: " Sascha Hauer
2025-06-27 15:17 ` Ahmad Fatoum
2025-06-27 14:07 ` [PATCH 13/14] ARM: optee-early: drop start_optee_early() Sascha Hauer
2025-06-27 15:21 ` Ahmad Fatoum
2025-06-27 17:59 ` Sascha Hauer
2025-06-27 14:08 ` [PATCH 14/14] ARM: i.MX: tqma6ulx: use ENTRY_FUNCTION_WITHSTACK Sascha Hauer
2025-06-27 15:21 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250627174250.22gge4iigoje2fzr@pengutronix.de \
--to=m.felsch@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox