Hi!
When I launch
apt-get update
I got this
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdf800000, non-secure privileged read, AXI ID 4a0
E/TC:0 tzc_it_handler:79 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdf800000, non-secure privileged write, AXI ID 480
E/TC:0 tzc_it_handler:79 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdf800020, non-secure privileged read, AXI ID 4a0
E/TC:0 tzc_it_handler:79 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdf800040, non-secure privileged read, AXI ID 4a0
E/TC:0 tzc_it_handler:79 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdf800080, non-secure privileged read, AXI ID 4a0
The memory 0xdf800000 is inside the DDR memory
When I'm looking inside the datasheet and converting 0x4a0 and 0x480 to binary. Which becomes:
| 0x4a0 | 0x480 |
| 10010100000 | 10010000000 |
So I guess it has to do with the CPU?
By Op-tee device tree have a special node called Extended TrustZone Protection Controller.
&etzpc{
status = "okay";
st,decprot = <
/*"NS_R S_W" peripherals*/
DECPROT(STM32MP1_ETZPC_DDRCTRL_ID, DECPROT_NS_R_S_W, DECPROT_LOCK)
DECPROT(STM32MP1_ETZPC_DDRPHYC_ID, DECPROT_NS_R_S_W, DECPROT_LOCK)
/*"Non Secured" peripherals*/
DECPROT(STM32MP1_ETZPC_DMA1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_DMAMUX_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_ETH_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_CEC_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_I2C1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_I2C4_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_SPI2_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_RNG1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_UART4_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
DECPROT(STM32MP1_ETZPC_OTG_ID, DECPROT_NS_RW, DECPROT_UNLOCK)
/*"Secured" peripherals*/
DECPROT(STM32MP1_ETZPC_STGENC_ID, DECPROT_S_RW, DECPROT_UNLOCK)
/*"Mcu Isolation" peripherals*/
DECPROT(STM32MP1_ETZPC_DMA2_ID, DECPROT_MCU_ISOLATION, DECPROT_UNLOCK)
/*Restriction: following IDs are not managed - please to use User-Section if needed:
STM32MP1_ETZPC_SRAMx_ID STM32MP1_ETZPC_RETRAM_ID STM32MP1_ETZPC_BKPSRAM_ID*/
/* USER CODE BEGIN etzpc_decprot */
/*STM32CubeMX generates a basic and standard configuration for ETZPC.
Additional device configurations can be added here if needed.
"etzpc" node could be also overloaded in "addons" User-Section.*/
/* USER CODE END etzpc_decprot */
>;
/* USER CODE BEGIN etzpc */
/* USER CODE END etzpc */
};
Question:
If I'm correct, that my linux kernel, or linux distribution, cannot write och read to the CPU. That means I need to configure that in the device tree? Right? So what chould I change inside the device tree to make premissions for my software to write or read to the address 0x4a0 and 0x480 inside the CPU?
Should I add this inside the Linux Device Tree?
reserved-memory {
#address-cells = <1>;
#size-cells = <1>;
ranges;
/* USER CODE BEGIN reserved-memory */
optee@de000000 {
reg = <0xde000000 0x2000000>;
no-map;
};
..
..
..
};
1 ACCEPTED SOLUTION
Accepted Solutions
