• State Resolved
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 100 subscribers
  • Views 413 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

RE: PROCESSOR-SDK-AM64X: AM64x MCU+ SDK 09.02.00 - Resource allocation

Benjamin Limmer
Prodigy 70 points

Hello Tushar,

I have realized that I still don't understand how firewalls are intended to be configured and used.

The firewall configuration has to be part of the boardcfg, so the system controller / DMSC can monitor firewall permissions and respond to requests from the different cores regarding firewall config, right?

If that is true, and I cannot configure firewalls in the resource partitioning tool at the moment, how do I add my required firewall config to the boardcfg?

Regards,

Benjamin

  • 0
    TI__Mastermind 49888 points

    Hello Benjamin,

    Thanks for your query.

    I have routed your query to our subject matter expert. Please expect response in a day or two.

    Regards,

    Tushar

  • 0 in reply to Tushar Thakur
    TI__Guru 71051 points

    Hi Benjamin,

    The firewall configurations has nothing to do with the Board Configurations. You can write code to configure the required firewalls.

    You may find the following Firewall FAQ helpful

    https://software-dl.ti.com/tisci/esd/latest/6_topic_user_guides/firewall_faq.html

    Regards,

    Prashant 

  • 0 in reply to Prashant Shivhare
    Prodigy 70 points

    Hi Prashant,

    thank you for your reply. 

    You are saying that firewall configurations have nothing to do with Board Configurations ("boardcfg").

    That confuses me a little because of the following:

    • The Resource Allocation tool to modify the boardcfg (K3 Respart Tool) does include a section for firewall configuration. According to Tushar, it is currently not possible to configure firewalls using this tool But why is firewall config included in the tool, if one has nothing to do with the other as you say?
    • The TISCI documentation states that "If a firewall is owned by rm, it means that the corresponding resource is managed by the resource manager based on the RM boardcfg." (see https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/am64x/firewalls.html)
    • The firewall TISCI description states "Navss/DMSS resources not used by DMSC/TIFS are firewalled and ownership of the firewalls is assigned to Resource Manager(RM). The intent is that RM programs the firewalls for Navss/DMSS resources based on resource assignment in board configuration." (see https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/firewall_api.html)

    Can you shed some light on that? 


    Also, in my original post I have included one question that has not been answered so far:

    "The firewall configuration has to be part of the boardcfg, so the system controller / DMSC can monitor firewall permissions and respond to requests from the different cores regarding firewall config, right?"

    Is my understanding correct, that the system controller / DMSC monitors requests from the R5 cores regarding firewall config?
    Is it correct that the system controller has to have some information regarding the core permissions for firewall config in advance? (Which I thought was done using the boardcfg).

    Regards,

    Benjamin

  • +1 in reply to Benjamin Limmer
    TI__Guru 71051 points

    Hi Benjamin,

    The Resource Partitioning Tool is not particularly tied to Board Configurations alone. It is more of a convenience GUI tool to manage the different types of resources (board configurations, firewalls, qos, etc.) and autogenerate the code for them.

    As of now, the tool only supports managing Board Configurations and autogenerating the code for it to be integrated manually in the SDK.

    The later two points mean that the Sysfw's RM component configures some firewalls corresponding to the RM Board Config to allow only the configured hosts access to the different resources as mentioned in the Board Configs.

    Benjamin Limmer said:
    Is my understanding correct, that the system controller / DMSC monitors requests from the R5 cores regarding firewall config?
    Is it correct that the system controller has to have some information regarding the core permissions for firewall config in advance? (Which I thought was done using the boardcfg).

    The firewall configurations can be done from any core using the TISCI Firewall APIs

    https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/firewall_api.html

    I would recommend you to go through the Bootloader_socOpenFirewallRegion function once that configures MSRAM firewalls

    https://github.com/TexasInstruments/mcupsdk-core/blob/de6551c6420e3d573b38477fe400ab072cd9f13f/source/drivers/bootloader/soc/am64x_am243x/bootloader_soc.c#L1105

    Regards,

    Prashant