SPRACX6 June 2021 DRA821U, DRA821U-Q1, DRA829J, DRA829J-Q1, DRA829V, DRA829V-Q1, TDA4VM, TDA4VM-Q1

 

  Trademarks
  1 Introduction
  2 Firewall Documentation
    2.1 Technical Reference Manual (TRM)
    2.2 SDK TISCI Documentation
    2.3 SDK Firewall Documentation
    2.4 TI NDA Firewall Slide Sets
  3 Firewall Definitions and Terms
  4 SysConfig Tool
  5 Master Firewall versus Slave Firewall
    5.1 Slave Firewalls
    5.2 Master Firewalls
    5.3 A72 Master Firewall
  6 Where to Firewall
    6.1 Example
  7 Programming Firewalls
    7.1 Sample SBL Code
      7.1.1 Create a Table
      7.1.2 Parse the Table of Firewall Regions
      7.1.3 Utility Functions
      7.1.4 Processor SDK 7.1 SBL Example

Create a Table

Create a table in which each entry represents a firewall region. This is the same format as the .c output of the SysConfig tool. In the example below, three regions are created for the A72 Master firewall.

struct ti_sci_msg_fwl_region {
    uint16_t fwl_id;
    uint16_t region;
    uint32_t n_permission_regs;
    uint32_t control;
    uint32_t permissions[FWL_MAX_PRIVID_SLOTS];
    uint64_t start_address;
    uint64_t end_address;
} __attribute__((__packed__));

void J721E_Set_Firewall(uint32_t isBuildHs)
{
    int32_t status = CSL_EFAIL;
    struct ti_sci_msg_fwl_region j721e_fwl_data[] = {
        /* compute_cluster Master firewall  - background region 0 */
        {
            .fwl_id = CSL_MSTR_FW_A72SS0_CORE0_CPU_0_CPU_0_MSMC_ID,
            .region = 0,
            .n_permission_regs = 1,
            .control = 0x30A,
            .start_address = 0x00000000,
            .end_address = 0xFFFFFFFFF,
            .permissions = { 0x1FFFF }, // PrivId 1U
        },
        /* compute_cluster Master firewall  - region 1 */
        {
            .fwl_id = CSL_MSTR_FW_A72SS0_CORE0_CPU_0_CPU_0_MSMC_ID,
            .region = 1,
            .n_permission_regs = 1,
            .control = 0x20A,
            .start_address = 0xa0000000,
            .end_address = 0xa8ffffff,
            .permissions = { 0x10000 }, // PrivId 1U
        },
        /* compute_cluster Master firewall  - region 2 */
        {
            .fwl_id = CSL_MSTR_FW_A72SS0_CORE0_CPU_0_CPU_0_MSMC_ID,
            .region = 2,
            .n_permission_regs = 1,
            .control = 0x20A,
            .start_address = 0xce000000,
            .end_address = 0xfbffffff,
            .permissions = { 0x10000 }, // PrivId 1U
        },
    };

  • Region 0 is a background region, giving the A72 full access to the memory range.
  • Regions 1 and 2 then introduce restrictions, ensuring that the A72 does not have any permissions on the memory ranges defined for those regions.
  • Note that for all three regions, the PrivId in the .permissions entry indicates which originator the permissions apply to. When bit [16] is set to ‘1’, the permissions are applied to transactions originated from the A72.
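
As an added example (not code from this application note or the SDK), the host-side C check below resolves which permission bits the table above grants the A72 at a given address, so the regions can be sanity-checked before they are programmed. Assumptions to confirm against the TRM: the control word's enable nibble (0xA) and background flag (bit 8), the PrivId field in bits [23:16] with permission bits in [15:0], a matching foreground region taking priority over the background region, and only exact PrivId matches being modelled. FWL_MAX_PRIVID_SLOTS as 3, the placeholder A72_FWL_ID, and the names fwl_table, FWL_COUNT and fwl_effective_perms are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define FWL_MAX_PRIVID_SLOTS 3U  /* assumed slot count */
#define A72_FWL_ID 0U            /* placeholder, not the real CSL firewall id */
/* Assumed register layout; confirm against the TRM before relying on it. */
#define CTRL_ENABLED(c) (((c) & 0xFU) == 0xAU) /* enable nibble */
#define CTRL_BACKGROUND (1U << 8)               /* background region flag */
#define PERM_PRIVID(p)  (((p) >> 16) & 0xFFU)   /* originator PrivId */
#define PERM_BITS(p)    ((p) & 0xFFFFU)         /* access permission bits */

struct ti_sci_msg_fwl_region {
    uint16_t fwl_id;
    uint16_t region;
    uint32_t n_permission_regs;
    uint32_t control;
    uint32_t permissions[FWL_MAX_PRIVID_SLOTS];
    uint64_t start_address;
    uint64_t end_address;
} __attribute__((__packed__));

/* Constructed copy of the three regions above, fields in struct order. */
static const struct ti_sci_msg_fwl_region fwl_table[] = {
    { A72_FWL_ID, 0, 1, 0x30A, { 0x1FFFF }, 0x00000000, 0xFFFFFFFFFULL },
    { A72_FWL_ID, 1, 1, 0x20A, { 0x10000 }, 0xa0000000, 0xa8ffffff },
    { A72_FWL_ID, 2, 1, 0x20A, { 0x10000 }, 0xce000000, 0xfbffffff },
};
#define FWL_COUNT (sizeof(fwl_table) / sizeof(fwl_table[0]))

/* Permission bits the table grants to `privid` at `addr`. A matching
 * foreground region overrides the background region; 0 means no access. */
uint32_t fwl_effective_perms(const struct ti_sci_msg_fwl_region *t, size_t n,
                             uint32_t privid, uint64_t addr)
{
    uint32_t bg = 0, fg = 0;
    int fg_hit = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t perms = 0;
        if (!CTRL_ENABLED(t[i].control) ||
            addr < t[i].start_address || addr > t[i].end_address)
            continue;
        for (uint32_t s = 0; s < t[i].n_permission_regs && s < FWL_MAX_PRIVID_SLOTS; s++)
            if (PERM_PRIVID(t[i].permissions[s]) == privid)
                perms |= PERM_BITS(t[i].permissions[s]);
        if (t[i].control & CTRL_BACKGROUND)
            bg |= perms;
        else { fg |= perms; fg_hit = 1; }
    }
    return fg_hit ? fg : bg;
}
```

A result of 0xFFFF means every permission bit is granted and 0 means the access is blocked; checking both edges of each restricted range catches off-by-one mistakes in start_address and end_address.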