AM625: Functional Safety MPU Implementation Support

HeZiJian

Part Number: AM625

Tool/software:

Both the R5 and A cores need to have the inaccessible address ranges in the DDR configured.

Taking the R5 core as an example, it is only permitted to access the shared memory and the green regions in the diagram. Any attempt to access an address outside these ranges results in a memory fault.

As mandated by the TSR requirements, the A-core should have a similar configuration to define its accessible address range. Any access beyond this range must trigger a memory fault and transition the system into a designated safe state. Please provide the corresponding safe state configuration method.

4 months ago

0 Nihar Potturu 4 months ago

TI__Mastermind 23196 points

Hello,

HeZiJian said:
Any access beyond this range must trigger a memory fault and transition the system into a designated safe state. Please provide the corresponding safe state configuration method.

Have you already reserved the DDR region in the device tree that is accessed by R5F core?

You can also configure firewalls so that R5F and A53 core cannot access other core's reserved region.

Regards,

Nihar Potturu

0 Joe Shen 4 months ago in reply to Nihar Potturu

TI__Expert 3795 points

Hi Nihar,

Yes, it reserved the DDR region in the device tree which is accessed by R5F core.

Could you please help to give an example how to config region firewalls to protect the DDR region?

Regards

Joe

0 Nihar Potturu 4 months ago in reply to Joe Shen

TI__Mastermind 23196 points

Hello Joe,

Joe Shen said:
Could you please help to give an example how to config region firewalls to protect the DDR region?

I have reassigned the thread to the Firewall expert to guide you on the configuration. Please expect a response shortly.

Regards,

Nihar Potturu

0 Prashant Shivhare 4 months ago in reply to Nihar Potturu

TI__Guru* 76151 points

Hello,

Joe Shen said:
Could you please help to give an example how to config region firewalls to protect the DDR region?

Please see the following resources:

Additionally, please have a look at the usage for these messages in the driver for configuring HSM RAM firewalls

github.com/.../bootloader_soc.c

0 Joe Shen 4 months ago in reply to Prashant Shivhare

TI__Expert 3795 points

Thanks Nihar, Prashant. We will try it out

Regards

Joe

0 Joe Shen 4 months ago in reply to Prashant Shivhare

TI__Expert 3795 points

Hi Prashant,

I am trying to set one region 0x9DB00000 - 0x9E700000 access by DM R5F core. please help to check below code.

I got some questions below, please help to give guidance. thanks.

-1-

I set the DSS0 PRIV-ID access right, Should the DSS0 PRIV-ID be enable or not?

-2-

refer to https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/am62x/firewalls.html#list-of-priv-ids

The HOST-IDs in dm is N/A. i am filling TISCI_HOST_ID_MAIN_0_R5_1 into owner_index, is it right?

what is the difference between the below 4 Host ID?

/** MAIN_0_R5_0(Secure): Cortex R5_0 context 0 on Main island(BOOT) */
#define TISCI_HOST_ID_MAIN_0_R5_0 (35U)
/** MAIN_0_R5_1(Non Secure): Cortex R5_0 context 1 on Main island */
#define TISCI_HOST_ID_MAIN_0_R5_1 (36U)
/** MAIN_0_R5_2(Secure): Cortex R5_0 context 2 on Main island */
#define TISCI_HOST_ID_MAIN_0_R5_2 (37U)
/** MAIN_0_R5_3(Non Secure): Cortex R5_0 context 3 on Main island */
#define TISCI_HOST_ID_MAIN_0_R5_3 (38U)

const struct tisci_msg_fwl_set_firewall_region_req fwl_set_req =
{
    .fwl_id = CSL_STD_FW_DDR16SS0_SDRAM_ID,
    .region = 0,
    .n_permission_regs = 3,
    /* 0x3 - Firewall background region, Unlocked. 0xA - Enable Firewall */
    .control = 0x30A,
    /* PRIV_ID = 0xC3 implies everyone */
    .permissions[0] = 0xC3FFFF,
    .permissions[1] = 0xC3FFFF,
    .permissions[2] = 0xC3FFFF,
    .start_address = 0x0U,
    .end_address    = 0xFFFFFFFFFFFULL,
};

struct tisci_msg_fwl_set_firewall_region_resp fwl_set_resp = { 0 };

status = Sciclient_firewallSetRegion(&fwl_set_req, &fwl_set_resp, SystemP_TIMEOUT);

if(SystemP_SUCCESS == status)
{

    const struct tisci_msg_fwl_change_owner_info_req fwl_owner_req =
    {
        .fwl_id = CSL_STD_FW_DDR16SS0_SDRAM_ID,
        .region = 1U,
        /** MAIN_0_R5_1(Non Secure): Cortex R5_0 context 1 on Main island */
        .owner_index = TISCI_HOST_ID_MAIN_0_R5_1,
    };
    struct tisci_msg_fwl_change_owner_info_resp fwl_owner_resp = { 0 };
    status = Sciclient_firewallChangeOwnerInfo(&fwl_owner_req, &fwl_owner_resp, SystemP_TIMEOUT);
    if(SystemP_SUCCESS == status)
    {
        const struct tisci_msg_fwl_set_firewall_region_req fwl_set_req =
        {
            .fwl_id = CSL_STD_FW_DDR16SS0_SDRAM_ID,
            .region = 1U,
            .n_permission_regs = 3U,
            /* PRIV_ID = 0xD4 implies DM R5 core, giving full access to
             * to DM core. 0xC3 (everyone) is not given any access, and
             * 0xAD (DSS0 priv ID) is given all access.
             */
            .permissions[0] = 0xD4FFFF,
            .permissions[1] = 0xC30000,
            .permissions[2] = 0xADFFFF,
            .start_address = 0x9DB00000,
            .end_address    = 0x9E700000,

        };
        struct tisci_msg_fwl_set_firewall_region_resp fwl_set_resp = { 0 };

        status = Sciclient_firewallSetRegion(&fwl_set_req, &fwl_set_resp, SystemP_TIMEOUT);
    }
}

Regards

Joe

0 Prashant Shivhare 4 months ago in reply to Joe Shen

TI__Guru* 76151 points

Joe Shen said:
I set the DSS0 PRIV-ID access right, Should the DSS0 PRIV-ID be enable or not?

If you want to allow access for DSS then it should be mentioned in one of the permissions slot.

Joe Shen said:
The HOST-IDs in dm is N/A. i am filling TISCI_HOST_ID_MAIN_0_R5_1 into owner_index, is it right?

Yes.

Joe Shen said:
what is the difference between the below 4 Host ID?

Those are secure and non-secure host ids of the core. They are used in the context of the TISCI messages.

Processors

Processors forum

AM625: Functional Safety MPU Implementation Support