diff mbox series

[meta-ti,scarthgap,v2] trusted-firmware-a/optee-os: Add LPM support on few platforms

Message ID 20251128184125.3220124-1-m-chawdhry@ti.com
State New

Commit Message

Manorit Chawdhry Nov. 28, 2025, 6:41 p.m. UTC
Adds the required TF-A and OP-TEE patches to enable LPM support on
J7200, J784s4, J742s2.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
---
v1->v2:
Ryan:
- Variablized the repeated patchfiles
- Remove the meta-ti-bsp prefix

 .../trusted-firmware-a-ti.inc                 |  13 ++
 ...luster_start_id-depending-on-the-soc.patch | 116 +++++++++++
 ...essage-to-encrypt-tfa-during-suspend.patch | 195 ++++++++++++++++++
 ...uspend-in-case-of-LPM_BOARDCFG_MANAG.patch |  69 +++++++
 .../optee/optee-os-ti-overrides.inc           |  11 +
 ...Open-TRNG-firewall-for-TIFS-on-all-k.patch |  46 +++++
 6 files changed, 450 insertions(+)
 create mode 100644 meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0001-feat-k3-choose-cluster_start_id-depending-on-the-soc.patch
 create mode 100644 meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0002-feat-ti-add-message-to-encrypt-tfa-during-suspend.patch
 create mode 100644 meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0003-feat-k3-handle-suspend-in-case-of-LPM_BOARDCFG_MANAG.patch
 create mode 100644 meta-ti-bsp/recipes-security/optee/optee-os/0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch

Comments

PRC Automation Nov. 28, 2025, 6:50 p.m. UTC | #1
meta-ti / na / 20251128184125.3220124-1-m-chawdhry

PRC Results: PASS

=========================================================
  check-yocto-patches: PASS
=========================================================
Patches
----------------------------------------
All patches passed



=========================================================
  apply-yocto-patch: PASS
=========================================================
scarthgap
=====================
Summary:
- Patch Series: [meta-ti][scarthgap][PATCH v2] trusted-firmware-a/optee-os: Add LPM support on few platforms
- Submitter: From: Manorit Chawdhry <m-chawdhry@ti.com>
+From: Abhash Kumar Jha <a-kumar2@ti.com>
+From: Richard Genoud <richard.genoud@bootlin.com>
+From: Abhash Kumar Jha <a-kumar2@ti.com>
+From: Prasanth Babu Mantena <p-mantena@ti.com>
- Date: Date: Sat, 29 Nov 2025 00:11:25 +0530
+Date: Mon, 20 Oct 2025 11:26:17 +0530
+Date: Tue, 11 Feb 2025 18:20:17 +0100
+Date: Tue, 28 Oct 2025 23:24:22 +0530
+Date: Mon, 3 Nov 2025 12:42:57 +0530
- Num Patches: 1
- Mailing List (public inbox) Commit SHA: 05b2c0da811d5bfe41469fe96455cdc64b5d9f11

Applied to:
- Repository: lcpd-prc-meta-ti
- Base Branch: scarthgap-wip
- Commit Author: Randolph Sapp <rs@ti.com>
- Commit Subject: layer: add github MIRRORS definitions
- Commit SHA: ea43ed2a3963a6073097711476caa0530745a8e6

Patches
----------------------------------------
All patches applied



=========================================================
  check-yocto-repo: PASS
=========================================================
scarthgap
=====================
PASS



=========================================================
  yocto-check-layers: PASS
=========================================================
scarthgap - PASS
=====================
All checks passed

Patch

diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
index f188f35ee740..27d6924101c4 100644
--- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc
@@ -1,5 +1,7 @@ 
 # NOTE: This .inc file with customizations only gets included for K3 platforms
 
+FILESEXTRAPATHS:prepend := "${THISDIR}/trusted-firmware-a:"
+
 PV = "2.13+git"
 
 LIC_FILES_CHKSUM = "file://docs/license.rst;md5=6ed7bace7b0bc63021c6eba7b524039e"
@@ -28,3 +30,14 @@  EXTRA_OEMAKE += "${@ 'BL32_BASE=' + d.getVar('TFA_K3_BL32_BASE') if d.getVar('TF
 EXTRA_OEMAKE += "${@ 'PRELOADED_BL33_BASE=' + d.getVar('TFA_K3_PRELOADED_BL33') if d.getVar('TFA_K3_PRELOADED_BL33') else ''}"
 EXTRA_OEMAKE += "${@ 'K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}"
 EXTRA_OEMAKE:append:ti-falcon = " PRELOADED_BL33_BASE=0x82000000 K3_HW_CONFIG_BASE=0x88000000"
+
+# LPM support patches for Jacinto platforms (J7200, J742S2, J784S4)
+TFA_JACINTO_LPM_PATCHES = " \
+    file://0001-feat-k3-choose-cluster_start_id-depending-on-the-soc.patch \
+    file://0002-feat-ti-add-message-to-encrypt-tfa-during-suspend.patch \
+    file://0003-feat-k3-handle-suspend-in-case-of-LPM_BOARDCFG_MANAG.patch \
+"
+
+SRC_URI:append:j7200 = " ${TFA_JACINTO_LPM_PATCHES}"
+SRC_URI:append:j742s2 = " ${TFA_JACINTO_LPM_PATCHES}"
+SRC_URI:append:j784s4 = " ${TFA_JACINTO_LPM_PATCHES}"
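Review bot: The three `SRC_URI:append` lines at the end of this hunk apply the LPM patches to j7200, j742s2 and j784s4 only, yet the patch files they pull in change common K3 code that picks its behaviour at run time (the part ID read in 0001, the `fw_caps` flags in 0002 and 0003), and 0001 also names J721E and J721S2. Please say in the comment above `TFA_JACINTO_LPM_PATCHES` why the other K3 machines are left out, or apply the set to every K3 build so all machines are built from the same TF-A source. All three patches carry `Upstream-Status: Pending`; a note on the upstreaming plan would help track when they can be dropped.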
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0001-feat-k3-choose-cluster_start_id-depending-on-the-soc.patch b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0001-feat-k3-choose-cluster_start_id-depending-on-the-soc.patch
new file mode 100644
index 000000000000..05d930dd3d38
--- /dev/null
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0001-feat-k3-choose-cluster_start_id-depending-on-the-soc.patch
@@ -0,0 +1,116 @@ 
+From 3de4f871d9bfe29c3862860e494bfa70ba72af3e Mon Sep 17 00:00:00 2001
+From: Abhash Kumar Jha <a-kumar2@ti.com>
+Date: Mon, 20 Oct 2025 11:26:17 +0530
+Subject: [PATCH 1/3] feat(k3): choose cluster_start_id depending on the soc
+
+The CLUSTER_DEVICE_START_ID denotes the device id of the A-core cluster.
+It is utilized when powering off the entire cluster.
+
+J7200, J721E and J721S2 have a different cluster_start_id than their
+"generic" counterparts.
+
+Query the JTAG_ID register to get the part id and choose the
+cluster_start_id depending on that.
+
+Upstream-Status: Pending
+
+Change-Id: I44d3ac0ec646c39019e4c0167d34f410015a147a
+Signed-off-by: Abhash Kumar Jha <a-kumar2@ti.com>
+---
+ plat/ti/k3/common/k3_bl31_setup.c |  1 +
+ plat/ti/k3/common/k3_psci.c       | 25 ++++++++++++++++++++++++-
+ plat/ti/k3/include/platform_def.h | 16 ++++++++++++++++
+ 3 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/plat/ti/k3/common/k3_bl31_setup.c b/plat/ti/k3/common/k3_bl31_setup.c
+index 1b93dc860..79a9c924c 100644
+--- a/plat/ti/k3/common/k3_bl31_setup.c
++++ b/plat/ti/k3/common/k3_bl31_setup.c
+@@ -20,6 +20,7 @@ const mmap_region_t plat_k3_mmap[] = {
+ 	K3_MAP_REGION_FLAT(SEC_PROXY_RT_BASE,   SEC_PROXY_RT_SIZE,   MT_DEVICE | MT_RW | MT_SECURE),
+ 	K3_MAP_REGION_FLAT(SEC_PROXY_SCFG_BASE, SEC_PROXY_SCFG_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ 	K3_MAP_REGION_FLAT(SEC_PROXY_DATA_BASE, SEC_PROXY_DATA_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
++	K3_MAP_REGION_FLAT(WKUP_CTRL_MMR0_BASE, WKUP_CTRL_MMR0_SIZE, MT_DEVICE | MT_RW | MT_SECURE),
+ 	{ /* sentinel */ }
+ };
+ 
+diff --git a/plat/ti/k3/common/k3_psci.c b/plat/ti/k3/common/k3_psci.c
+index ec37d9f4c..a443dd851 100644
+--- a/plat/ti/k3/common/k3_psci.c
++++ b/plat/ti/k3/common/k3_psci.c
+@@ -11,6 +11,8 @@
+ #include <common/debug.h>
+ #include <lib/el3_runtime/cpu_data.h>
+ #include <lib/psci/psci.h>
++#include <lib/mmio.h>
++#include <lib/utils_def.h>
+ #include <plat/common/platform.h>
+ 
+ #include <ti_sci_protocol.h>
+@@ -83,6 +85,27 @@ static int k3_pwr_domain_on(u_register_t mpidr)
+ 	return PSCI_E_SUCCESS;
+ }
+ 
++uint32_t get_plat_cluster_start_id()
++{
++	static uint32_t cluster_id;
++	uint32_t part_id, jtag_id_reg;
++
++	if (cluster_id) {
++		return cluster_id;
++	}
++
++	jtag_id_reg = mmio_read_32(WKUP_CTRL_MMR0_BASE + JTAG_ID);
++	part_id = EXTRACT(JTAG_PART_ID, jtag_id_reg);
++
++	if ((part_id == J7200_PART_ID) || (part_id == J721E_PART_ID) || (part_id == J721S2_PART_ID)) {
++		cluster_id = J7_PLAT_CLUSTER_DEVICE_START_ID;
++	} else {
++		cluster_id = PLAT_CLUSTER_DEVICE_START_ID;
++	}
++
++	return cluster_id;
++}
++
+ void k3_pwr_domain_off(const psci_power_state_t *target_state)
+ {
+ 	int core, cluster, proc_id, device_id, cluster_id, ret;
+@@ -97,7 +120,7 @@ void k3_pwr_domain_off(const psci_power_state_t *target_state)
+ 	cluster = MPIDR_AFFLVL1_VAL(read_mpidr_el1());
+ 	proc_id = PLAT_PROC_START_ID + core;
+ 	device_id = PLAT_PROC_DEVICE_START_ID + core;
+-	cluster_id = PLAT_CLUSTER_DEVICE_START_ID + (cluster * 2);
++	cluster_id = get_plat_cluster_start_id() + (cluster * 2);
+ 
+ 	/*
+ 	 * If we are the last core in the cluster then we take a reference to
+diff --git a/plat/ti/k3/include/platform_def.h b/plat/ti/k3/include/platform_def.h
+index db5e31d95..d191781a6 100644
+--- a/plat/ti/k3/include/platform_def.h
++++ b/plat/ti/k3/include/platform_def.h
+@@ -25,6 +25,22 @@
+ #define SEC_PROXY_RT_SIZE	0x80000
+ #endif /* K3_SEC_PROXY_LITE */
+ 
++#define WKUP_CTRL_MMR0_BASE		UL(0x43000000)
++#define WKUP_CTRL_MMR0_SIZE		UL(0x20000)
++#define JTAG_ID			U(0x14)
++#define JTAG_PART_ID_MASK		GENMASK(27, 12)
++
++#define J721E_PART_ID			U(0xBB64)
++#define J7200_PART_ID			U(0xBB6D)
++#define J721S2_PART_ID			U(0xBB75)
++#define J784S4_J742S2_PART_ID		U(0xBB80)
++
++#define JTAG_PART_ID_WIDTH		U(0x10)
++#define JTAG_PART_ID_SHIFT		U(0xC)
++
++/* A-core Cluster Device ID for j721e, j7200 and j721s2 */
++#define J7_PLAT_CLUSTER_DEVICE_START_ID 	U(0x4)
++
+ #define SEC_PROXY_TIMEOUT_US		1000000
+ #define SEC_PROXY_MAX_MESSAGE_SIZE	56
+ 
+-- 
+2.34.1
+
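Review bot: In the `plat_k3_mmap[]` addition, `WKUP_CTRL_MMR0_BASE` is mapped `MT_DEVICE | MT_RW | MT_SECURE` over `WKUP_CTRL_MMR0_SIZE` (0x20000), but the only access this patch makes is one `mmio_read_32()` of `JTAG_ID`; a read-only mapping would avoid giving BL31 write access to wakeup control registers it does not need. In `k3_psci.c`, `get_plat_cluster_start_id()` is called only from `k3_pwr_domain_off()` in this patch and has no prototype in a header, so it should be `static` and declared with `(void)`. The `if (cluster_id)` cache treats 0 as "not read yet", so the register is re-read on every call if `PLAT_CLUSTER_DEVICE_START_ID` is 0. `JTAG_PART_ID_MASK` and `J784S4_J742S2_PART_ID` are defined in `platform_def.h` but not used by the lines shown.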
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0002-feat-ti-add-message-to-encrypt-tfa-during-suspend.patch b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0002-feat-ti-add-message-to-encrypt-tfa-during-suspend.patch
new file mode 100644
index 000000000000..1a0cf0334715
--- /dev/null
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0002-feat-ti-add-message-to-encrypt-tfa-during-suspend.patch
@@ -0,0 +1,195 @@ 
+From c79ff3679a4360bb848b01d4036c365533fcf791 Mon Sep 17 00:00:00 2001
+From: Richard Genoud <richard.genoud@bootlin.com>
+Date: Tue, 11 Feb 2025 18:20:17 +0100
+Subject: [PATCH 2/3] feat(ti): add message to encrypt tfa during suspend
+
+At suspend, BL31 with its context will be encrypted by TIFS in DDR.
+Encryption is needed for security matters, so that the BL31 is not
+modified before entering suspend or early at resume.
+
+We only need the encryption function here because the decryption message
+will be send by the R5 SPL at resume.
+
+Also introduce the LPM_ENCRYPT_IMAGE cap signals that FW has the support
+to encrypt the image using the TISCI_MSG_LPM_ENCRYPT tisci message.
+
+This is useful in suspend to ram cases where we would like to
+store the encrypted image of a secure fw instead of the original image
+itself in the DDR.
+
+Check for LPM_ENCRYPT_IMAGE flag in the FW capabilities, and only then
+call encrypt.
+
+Upstream-Status: Pending
+
+Change-Id: I266472da87dd0821493019b2d9853f8886f33811
+Signed-off-by: Richard Genoud <richard.genoud@bootlin.com>
+Signed-off-by: Abhash Kumar Jha <a-kumar2@ti.com>
+---
+ drivers/ti/ti_sci/ti_sci.c          | 36 +++++++++++++++++++++++++++++
+ drivers/ti/ti_sci/ti_sci.h          |  7 ++++++
+ drivers/ti/ti_sci/ti_sci_protocol.h | 32 +++++++++++++++++++++++++
+ plat/ti/k3/common/k3_psci.c         | 10 ++++++++
+ 4 files changed, 85 insertions(+)
+
+diff --git a/drivers/ti/ti_sci/ti_sci.c b/drivers/ti/ti_sci/ti_sci.c
+index f0813e5b0..ee5f7166f 100644
+--- a/drivers/ti/ti_sci/ti_sci.c
++++ b/drivers/ti/ti_sci/ti_sci.c
+@@ -1784,3 +1784,39 @@ int ti_sci_lpm_get_next_sys_mode(uint8_t *next_mode)
+ 
+ 	return 0;
+ }
++/*
++ * ti_sci_encrypt_tfa - Ask TIFS to encrypt TFA at a specific address
++ *
++ * @src_tfa_addr: Address where the TFA lies unencrypted
++ * @src_tfa_len: Size of the TFA unencrypted
++ *
++ * Return: 0 if all goes well, else appropriate error message
++ */
++int ti_sci_encrypt_tfa(uint64_t src_tfa_addr,
++		       uint32_t src_tfa_len)
++{
++	struct ti_sci_msg_req_encrypt_tfa req = { 0 };
++	struct ti_sci_msg_resp_encrypt_tfa resp = { 0 };
++	struct ti_sci_xfer xfer;
++	int ret;
++
++	ret = ti_sci_setup_one_xfer(TISCI_MSG_LPM_ENCRYPT_TFA, 0,
++				    &req, sizeof(req),
++				    &resp, sizeof(resp),
++				    &xfer);
++	if (ret != 0U) {
++		ERROR("Message alloc failed (%d)\n", ret);
++		return ret;
++	}
++
++	req.src_tfa_addr = src_tfa_addr;
++	req.src_tfa_len = src_tfa_len;
++
++	ret = ti_sci_do_xfer(&xfer);
++	if (ret != 0U) {
++		ERROR("Transfer send failed (%d)\n", ret);
++		return ret;
++	}
++
++	return 0;
++}
+diff --git a/drivers/ti/ti_sci/ti_sci.h b/drivers/ti/ti_sci/ti_sci.h
+index 1f1963274..2afa11317 100644
+--- a/drivers/ti/ti_sci/ti_sci.h
++++ b/drivers/ti/ti_sci/ti_sci.h
+@@ -258,6 +258,11 @@ int ti_sci_proc_wait_boot_status_no_wait(uint8_t proc_id,
+  *
+  * Return: 0 if all goes well, else appropriate error message
+  *
++ * - ti_sci_encrypt_tfa - Ask TIFS to encrypt TFA at a specific address
++ *
++ *		@src_tfa_addr: Address where the TFA lies unencrypted
++ *		@src_tfa_len: Size of the TFA unencrypted
++ *
+  * NOTE: for all these functions, the following are generic in nature:
+  * Returns 0 for successful request, else returns corresponding error message.
+  */
+@@ -265,5 +270,7 @@ int ti_sci_enter_sleep(uint8_t proc_id,
+ 		       uint8_t mode,
+ 		       uint64_t core_resume_addr);
+ int ti_sci_lpm_get_next_sys_mode(uint8_t *next_mode);
++int ti_sci_encrypt_tfa(uint64_t src_tfa_addr,
++		       uint32_t src_tfa_len);
+ 
+ #endif /* TI_SCI_H */
+diff --git a/drivers/ti/ti_sci/ti_sci_protocol.h b/drivers/ti/ti_sci/ti_sci_protocol.h
+index bdd24622a..a165cda99 100644
+--- a/drivers/ti/ti_sci/ti_sci_protocol.h
++++ b/drivers/ti/ti_sci/ti_sci_protocol.h
+@@ -53,6 +53,9 @@
+ #define TISCI_MSG_GET_PROC_BOOT_STATUS	0xc400
+ #define TISCI_MSG_WAIT_PROC_BOOT_STATUS	0xc401
+ 
++/* TFA encrypt/decrypt messages */
++#define TISCI_MSG_LPM_ENCRYPT_TFA	0x030F
++
+ /**
+  * struct ti_sci_secure_msg_hdr - Header that prefixes all TISCI messages sent
+  *				  via secure transport.
+@@ -160,6 +163,7 @@ struct ti_sci_msg_resp_query_fw_caps {
+ #define MSG_FLAG_CAPS_LPM_STANDBY	TI_SCI_MSG_FLAG(3)
+ #define MSG_FLAG_CAPS_LPM_PARTIAL_IO	TI_SCI_MSG_FLAG(4)
+ #define MSG_FLAG_CAPS_LPM_DM_MANAGED	TI_SCI_MSG_FLAG(5)
++#define MSG_FLAG_CAPS_LPM_ENCRYPT_IMAGE	TI_SCI_MSG_FLAG(11)
+ 	uint64_t fw_caps;
+ } __packed;
+ 
+@@ -810,4 +814,32 @@ struct ti_sci_msg_resp_lpm_get_next_sys_mode {
+ 	uint8_t mode;
+ } __packed;
+ 
++/*
++ * struct ti_sci_msg_req_encrypt_tfa - Request for TISCI_MSG_LPM_ENCRYPT_TFA.
++ *
++ * @hdr			Generic Header
++ * @src_tfa_addr:  Address where the TFA lies unencrypted
++ * @src_tfa_len:   Size of the TFA unencrypted
++ *
++ * This message is to be sent when the system is going in suspend, just before
++ * TI_SCI_MSG_ENTER_SLEEP.
++ * The TIFS will then encrypt the TFA and store it in RAM, along with a private
++ * header.
++ * Upon resume, the SPL will ask TIFS to decrypt it back.
++ */
++struct ti_sci_msg_req_encrypt_tfa {
++	struct ti_sci_msg_hdr hdr;
++	uint64_t src_tfa_addr;
++	uint32_t src_tfa_len;
++} __packed;
++
++/*
++ * struct ti_sci_msg_req_encrypt_tfa - Request for TISCI_MSG_LPM_ENCRYPT_TFA.
++ *
++ * @hdr			Generic Header
++ */
++struct ti_sci_msg_resp_encrypt_tfa {
++	struct ti_sci_msg_hdr hdr;
++} __packed;
++
+ #endif /* TI_SCI_PROTOCOL_H */
+diff --git a/plat/ti/k3/common/k3_psci.c b/plat/ti/k3/common/k3_psci.c
+index a443dd851..c2017666b 100644
+--- a/plat/ti/k3/common/k3_psci.c
++++ b/plat/ti/k3/common/k3_psci.c
+@@ -24,6 +24,7 @@
+ #define SYSTEM_PWR_STATE(state) ((state)->pwr_domain_state[PLAT_MAX_PWR_LVL])
+ 
+ uintptr_t k3_sec_entrypoint;
++bool encrypt_image;
+ 
+ static void k3_cpu_standby(plat_local_state_t cpu_state)
+ {
+@@ -282,6 +283,11 @@ static void k3_pwr_domain_suspend_to_mode(const psci_power_state_t *target_state
+ 	k3_gic_cpuif_disable();
+ 	k3_gic_save_context();
+ 
++	if (encrypt_image)
++	{
++		ti_sci_encrypt_tfa((uint64_t)__TEXT_START__, BL31_SIZE);
++	}
++
+ 	k3_pwr_domain_off(target_state);
+ 
+ 	ti_sci_enter_sleep(proc_id, mode, k3_sec_entrypoint);
+@@ -347,6 +353,10 @@ int plat_setup_psci_ops(uintptr_t sec_entrypoint,
+ 		ERROR("Unable to query firmware capabilities (%d)\n", ret);
+ 	}
+ 
++	if (fw_caps & MSG_FLAG_CAPS_LPM_ENCRYPT_IMAGE) {
++		encrypt_image = true;
++	}
++
+ 	/* If firmware does not support any known suspend mode */
+ 	if (!(fw_caps & (MSG_FLAG_CAPS_LPM_DEEP_SLEEP |
+ 			 MSG_FLAG_CAPS_LPM_MCU_ONLY |
+-- 
+2.34.1
+
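Review bot: In `k3_pwr_domain_suspend_to_mode()`, the return value of `ti_sci_encrypt_tfa((uint64_t)__TEXT_START__, BL31_SIZE)` is dropped, so a failed TISCI transfer is only logged and the suspend goes on with BL31 left unencrypted in DDR, which is the state the commit message says this message exists to prevent. Please check the result and decide explicitly what happens on failure. In `plat_setup_psci_ops()`, the new `fw_caps & MSG_FLAG_CAPS_LPM_ENCRYPT_IMAGE` test runs after an error branch that only prints "Unable to query firmware capabilities", so confirm `fw_caps` is zero in that case. Smaller points: `encrypt_image` can be `static`; `ret` is an `int` compared against `0U`; the comment above `struct ti_sci_msg_resp_encrypt_tfa` still names the request struct; and the commit message refers to `TISCI_MSG_LPM_ENCRYPT` while the define is `TISCI_MSG_LPM_ENCRYPT_TFA`.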
diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0003-feat-k3-handle-suspend-in-case-of-LPM_BOARDCFG_MANAG.patch b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0003-feat-k3-handle-suspend-in-case-of-LPM_BOARDCFG_MANAG.patch
new file mode 100644
index 000000000000..b91b336e0778
--- /dev/null
+++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a/0003-feat-k3-handle-suspend-in-case-of-LPM_BOARDCFG_MANAG.patch
@@ -0,0 +1,69 @@ 
+From 470cf022d03e350beab36605d4250944d2c92ffe Mon Sep 17 00:00:00 2001
+From: Abhash Kumar Jha <a-kumar2@ti.com>
+Date: Tue, 28 Oct 2025 23:24:22 +0530
+Subject: [PATCH 3/3] feat(k3): handle suspend in case of LPM_BOARDCFG_MANAGED
+
+The J7 platforms support LPM_BOARDCFG_MANAGED capability where the
+low power mode configuration is done statically for the DM via the
+pm-boardcfg.
+
+This is entirely opposite to the case of DM_MANAGED, where the DM fw
+decides the low power mode to enter into.
+
+Introduce LPM_BOARDCFG_MANAGED cap to handle suspend for those
+platforms as well.
+
+Upstream-Status: Pending
+
+Change-Id: Iaa0ab478cbe0db6652f61e9d733c0fddb4bab234
+Signed-off-by: Abhash Kumar Jha <a-kumar2@ti.com>
+---
+ drivers/ti/ti_sci/ti_sci_protocol.h |  1 +
+ plat/ti/k3/common/k3_psci.c         | 13 ++++++++-----
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/ti/ti_sci/ti_sci_protocol.h b/drivers/ti/ti_sci/ti_sci_protocol.h
+index a165cda99..b83174b0d 100644
+--- a/drivers/ti/ti_sci/ti_sci_protocol.h
++++ b/drivers/ti/ti_sci/ti_sci_protocol.h
+@@ -164,6 +164,7 @@ struct ti_sci_msg_resp_query_fw_caps {
+ #define MSG_FLAG_CAPS_LPM_PARTIAL_IO	TI_SCI_MSG_FLAG(4)
+ #define MSG_FLAG_CAPS_LPM_DM_MANAGED	TI_SCI_MSG_FLAG(5)
+ #define MSG_FLAG_CAPS_LPM_ENCRYPT_IMAGE	TI_SCI_MSG_FLAG(11)
++#define MSG_FLAG_CAPS_LPM_BOARDCFG_MANAGED	TI_SCI_MSG_FLAG(12)
+ 	uint64_t fw_caps;
+ } __packed;
+ 
+diff --git a/plat/ti/k3/common/k3_psci.c b/plat/ti/k3/common/k3_psci.c
+index c2017666b..9cf41b4cb 100644
+--- a/plat/ti/k3/common/k3_psci.c
++++ b/plat/ti/k3/common/k3_psci.c
+@@ -357,17 +357,20 @@ int plat_setup_psci_ops(uintptr_t sec_entrypoint,
+ 		encrypt_image = true;
+ 	}
+ 
+-	/* If firmware does not support any known suspend mode */
+-	if (!(fw_caps & (MSG_FLAG_CAPS_LPM_DEEP_SLEEP |
++	/* If firmware is capabale of low power modes */
++	if (fw_caps & (MSG_FLAG_CAPS_LPM_DM_MANAGED |
++			MSG_FLAG_CAPS_LPM_BOARDCFG_MANAGED)) {
++		k3_plat_psci_ops.pwr_domain_suspend = k3_pwr_domain_suspend_dm_managed;
++	} else if (!(fw_caps & (MSG_FLAG_CAPS_LPM_DEEP_SLEEP |
+ 			 MSG_FLAG_CAPS_LPM_MCU_ONLY |
+ 			 MSG_FLAG_CAPS_LPM_STANDBY |
+ 			 MSG_FLAG_CAPS_LPM_PARTIAL_IO))) {
+-		/* Disable PSCI suspend support */
++		/* If firmware does not support any known suspend mode
++		 * disable PSCI suspend support
++		 */
+ 		k3_plat_psci_ops.pwr_domain_suspend = NULL;
+ 		k3_plat_psci_ops.pwr_domain_suspend_finish = NULL;
+ 		k3_plat_psci_ops.get_sys_suspend_power_state = NULL;
+-	} else if (fw_caps & MSG_FLAG_CAPS_LPM_DM_MANAGED) {
+-		k3_plat_psci_ops.pwr_domain_suspend = k3_pwr_domain_suspend_dm_managed;
+ 	}
+ 
+ 	*psci_ops = &k3_plat_psci_ops;
+-- 
+2.34.1
+
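Review bot: In `plat_setup_psci_ops()`, moving the `MSG_FLAG_CAPS_LPM_DM_MANAGED` test ahead of the "no known suspend mode" test changes behaviour for existing firmware too: a firmware that reports DM_MANAGED but none of DEEP_SLEEP, MCU_ONLY, STANDBY or PARTIAL_IO used to have PSCI suspend disabled and now gets `k3_pwr_domain_suspend_dm_managed`. Please state in the commit message whether that is intended. The message also describes BOARDCFG_MANAGED as the opposite of DM_MANAGED, yet both flags select the same handler; a comment at the assignment explaining why the DM-managed path is correct for the boardcfg case would help the next reader. The new comment has a typo, "capabale".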
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc
index 61a74a069886..d636ae006216 100644
--- a/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc
+++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc
@@ -1,6 +1,8 @@ 
 # Use TI SECDEV for signing
 inherit ti-secdev
 
+FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
+
 EXTRA_OEMAKE:remove = "CFG_MAP_EXT_DT_SECURE=y"
 
 EXTRA_OEMAKE:append:k3 = " ${@ 'CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
@@ -76,3 +78,12 @@  RDEPENDS:${PN} += "${PN}-ta"
 
 # This is needed for bl32.elf
 INSANE_SKIP:${PN}:append:k3 = " textrel"
+
+# LPM support patch for Jacinto platforms (J7200, J742S2, J784S4)
+OPTEE_JACINTO_LPM_PATCHES = " \
+    file://0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch \
+"
+
+SRC_URI:append:j7200 = " ${OPTEE_JACINTO_LPM_PATCHES}"
+SRC_URI:append:j742s2 = " ${OPTEE_JACINTO_LPM_PATCHES}"
+SRC_URI:append:j784s4 = " ${OPTEE_JACINTO_LPM_PATCHES}"
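Review bot: The comment above `OPTEE_JACINTO_LPM_PATCHES` calls this an LPM support patch, but the file it adds changes a firewall permission (it opens the TRNG region to TIFS); please say so in the comment so the security impact is visible from the recipe. The embedded patch's own message describes the change as common to all K3 devices, while the `SRC_URI:append` lines here apply it to three machines only; state whether that restriction is deliberate.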
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os/0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch b/meta-ti-bsp/recipes-security/optee/optee-os/0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch
new file mode 100644
index 000000000000..a19fe1036470
--- /dev/null
+++ b/meta-ti-bsp/recipes-security/optee/optee-os/0001-plat-k3-drivers-Open-TRNG-firewall-for-TIFS-on-all-k.patch
@@ -0,0 +1,46 @@ 
+From 00f74ba2ab00088d51e6da3c0eefe50599ef5c82 Mon Sep 17 00:00:00 2001
+From: Prasanth Babu Mantena <p-mantena@ti.com>
+Date: Mon, 3 Nov 2025 12:42:57 +0530
+Subject: [PATCH] plat-k3: drivers: Open TRNG firewall for TIFS on all k3 devs
+
+On k3 devices, TRNG is firewalled to be accessed only by OPTEE.
+
+TIFS needs this for the encryption and decryption services to support
+different low power modes. So, open firewall to TIFS as well.
+
+There is no concurrent usage of TRNG, as TIFS uses TRNG only at suspend
+when OPTEE is down and resume, when firewalls are restored but OPTEE is
+not up yet.
+
+As this is a firewall that required to be shared along with TIFS on all
+devices, making this a common change and open on all devs.
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/7582]
+
+Signed-off-by: Prasanth Babu Mantena <p-mantena@ti.com>
+Reviewed-by: Manorit Chawdhry <m-chawdhry@ti.com>
+Reviewed-by: Andrew Davis <afd@ti.com>
+---
+ core/arch/arm/plat-k3/drivers/sa2ul.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/core/arch/arm/plat-k3/drivers/sa2ul.c b/core/arch/arm/plat-k3/drivers/sa2ul.c
+index c50757b2c..e10bde131 100644
+--- a/core/arch/arm/plat-k3/drivers/sa2ul.c
++++ b/core/arch/arm/plat-k3/drivers/sa2ul.c
+@@ -121,12 +121,7 @@ static TEE_Result sa2ul_init(void)
+ 	start_address = RNG_BASE;
+ 	end_address = RNG_BASE + RNG_REG_SIZE - 1;
+ 	permissions[num_perm++] = (FW_BIG_ARM_PRIVID << 16) | FW_SECURE_ONLY;
+-#if defined(PLATFORM_FLAVOR_am62x) || \
+-	defined(PLATFORM_FLAVOR_am62ax) || \
+-	defined(PLATFORM_FLAVOR_am62px)
+-
+ 	permissions[num_perm++] = (FW_TIFS_PRIVID << 16) | FW_NON_SECURE;
+-#endif
+ 	ret = ti_sci_set_fwl_region(fwl_id, rng_region, num_perm,
+ 				    control, permissions,
+ 				    start_address, end_address);
+-- 
+2.34.1
+
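Review bot: In `sa2ul_init()`, dropping the `#if defined(PLATFORM_FLAVOR_am62x) ...` guard puts the `(FW_TIFS_PRIVID << 16) | FW_NON_SECURE` entry into the RNG firewall region on every K3 flavor, and it is programmed from the init path, so TIFS keeps access while OP-TEE is running and not only in the suspend and resume windows the commit message describes. The message argues there is no concurrent use but does not explain why the TIFS entry is `FW_NON_SECURE` when the OP-TEE entry just above it is `FW_SECURE_ONLY`; please document that in the code or the commit message. Also confirm `permissions[]` has room for the second entry on all flavors, since `num_perm` now always advances twice.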