meta-ti/meta-ti-bsp/recipes-security/optee/optee-os/0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch

From 00f74ba2ab00088d51e6da3c0eefe50599ef5c82 Mon Sep 17 00:00:00 2001
From: Prasanth Babu Mantena <p-mantena@ti.com>
Date: Mon, 3 Nov 2025 12:42:57 +0530
Subject: [PATCH] plat-k3: drivers: Open TRNG firewall for TIFS on all k3 devs

On k3 devices, TRNG is firewalled to be accessed only by OPTEE.

TIFS needs this for the encryption and decryption services to support
different low power modes. So, open firewall to TIFS as well.

There is no concurrent usage of TRNG, as TIFS uses TRNG only at suspend
when OPTEE is down and resume, when firewalls are restored but OPTEE is
not up yet.

As this is a firewall that required to be shared along with TIFS on all
devices, making this a common change and open on all devs.

Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/7582]

Signed-off-by: Prasanth Babu Mantena <p-mantena@ti.com>
Reviewed-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
---
 core/arch/arm/plat-k3/drivers/sa2ul.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/core/arch/arm/plat-k3/drivers/sa2ul.c b/core/arch/arm/plat-k3/drivers/sa2ul.c
index c50757b2c..e10bde131 100644
--- a/core/arch/arm/plat-k3/drivers/sa2ul.c
+++ b/core/arch/arm/plat-k3/drivers/sa2ul.c
@@ -121,12 +121,7 @@ static TEE_Result sa2ul_init(void)
	start_address = RNG_BASE;
	end_address = RNG_BASE + RNG_REG_SIZE - 1;
	permissions[num_perm++] = (FW_BIG_ARM_PRIVID << 16) | FW_SECURE_ONLY;
-#if defined(PLATFORM_FLAVOR_am62x) || \
-	defined(PLATFORM_FLAVOR_am62ax) || \
-	defined(PLATFORM_FLAVOR_am62px)
-
	permissions[num_perm++] = (FW_TIFS_PRIVID << 16) | FW_NON_SECURE;
-#endif
	ret = ti_sci_set_fwl_region(fwl_id, rng_region, num_perm,
				    control, permissions,
				    start_address, end_address);
--
2.34.1