* [PATCH v3 00/10] Firewall ATF and OP-TEE memory regions in Sitara
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
This series starts by replacing hard-coded addresses in firewall templates that are defined in
k3-binman.dtsi with Kconfigs. Using Kconfigs makes it easier for someone to move ATF and OP-TEE to
another location, since they wouldn't have to fiddle with the firewall configurations in dtsi files.

The rest of the commits in this series add firewall configs to each device's dtsi files.

I have only tested this patch series with TI boards. For non-TI Sitara boards, respective board
maintainers are requested to test the relevant patch and confirm whether it works.

To test this, I used `k3conf <read|write> <address> [<value>]`. Both of these operations were
disallowed, as expected.

Changes v2 -> v3
* Added configs in non-TI Sitara-based boards' dtsi files, as per Francesco's review.
* Link to v2: https://lore.kernel.org/u-boot/20260121054712.176939-1-s-joshi@ti.com/

Changes v1 -> v2
* Removed un-required empty lines in accordance with Neha's review.
* Link to v1: https://lore.kernel.org/u-boot/20260112093643.885903-1-s-joshi@ti.com/
Suhaas Joshi (10):
arm: dts: k3-binman: Use configs for ATF/OPTEE addresses
arm: dts: k3-am625-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am625-phycore-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am625-verdin-binman: Configure Firewall for ATF/OPTEE
arm: dts: k3-am62p-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am62p5-verdin-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am62a-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am62a-phycore-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am64x-binman: Configure firewall for ATF/OPTEE
arm: dts: k3-am642-phycore-binman: Configure firewall for ATF/OPTEE
arch/arm/dts/k3-am625-phycore-som-binman.dtsi | 30 +++++++++++++++++
arch/arm/dts/k3-am625-sk-binman.dtsi | 29 +++++++++++++++++
.../dts/k3-am625-verdin-wifi-dev-binman.dtsi | 30 +++++++++++++++++
arch/arm/dts/k3-am62a-phycore-som-binman.dtsi | 30 +++++++++++++++++
arch/arm/dts/k3-am62a-sk-binman.dtsi | 30 +++++++++++++++++
arch/arm/dts/k3-am62p-sk-binman.dtsi | 32 +++++++++++++++++++
.../dts/k3-am62p5-verdin-wifi-dev-binman.dtsi | 32 +++++++++++++++++++
arch/arm/dts/k3-am642-phycore-som-binman.dtsi | 31 ++++++++++++++++++
arch/arm/dts/k3-am64x-binman.dtsi | 31 ++++++++++++++++++
arch/arm/dts/k3-binman.dtsi | 8 ++---
10 files changed, 279 insertions(+), 4 deletions(-)
--
2.34.1
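A pre-build check for the relocation case the cover letter describes, as an added example that is not part of the patch series or of U-Boot: it reads the two load addresses from `.config`-style text, derives the firewall ranges the way the patched templates in 01/10 do, and reports ranges that overflow the 32-bit cell, are misaligned, or overlap. The function names, the constructed sample `.config` text and the 4 KiB granularity are assumptions of this example.

```python
"""Check firewall ranges derived from K3 load-address Kconfigs (added example)."""
import re
from dataclasses import dataclass

# Offsets taken from the end_address expressions in the k3-binman.dtsi patch.
ATF_SPAN = 0x1FFFF       # end = CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff
OPTEE_SPAN = 0x17FFFFF   # end = CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff
CELL_MAX = 0xFFFFFFFF    # the templates keep the upper address cell at 0x0
GRANULE = 0x1000         # ASSUMPTION: 4 KiB region granularity, confirm in the SoC TRM

# Constructed sample input using the addresses the patch replaces.
SAMPLE_CONFIG = """\
CONFIG_K3_ATF_LOAD_ADDR=0x70000000
CONFIG_K3_OPTEE_LOAD_ADDR=0x9e800000
"""


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int  # inclusive, as in the dtsi end_address property


def parse_load_addrs(config_text):
    """Return (atf_load, optee_load) from .config-style text."""
    found = {}
    pattern = r"^CONFIG_K3_(ATF|OPTEE)_LOAD_ADDR=(0x[0-9a-fA-F]+)\s*$"
    for m in re.finditer(pattern, config_text, re.M):
        found[m.group(1)] = int(m.group(2), 16)
    missing = {"ATF", "OPTEE"} - found.keys()
    if missing:
        raise ValueError(f"missing load address for: {sorted(missing)}")
    return found["ATF"], found["OPTEE"]


def derive_regions(atf_load, optee_load):
    """Mirror the start/end arithmetic of the two foreground templates."""
    return [Region("atf", atf_load, atf_load + ATF_SPAN),
            Region("optee", optee_load, optee_load + OPTEE_SPAN)]


def check_regions(regions, granule=GRANULE):
    """Return a list of human-readable problems; empty means the layout is sane."""
    problems = []
    for r in regions:
        if r.end > CELL_MAX:
            problems.append(f"{r.name}: end {r.end:#x} does not fit the 32-bit cell")
        if r.start % granule or (r.end + 1) % granule:
            problems.append(f"{r.name}: {r.start:#x}-{r.end:#x} is not aligned "
                            f"to {granule:#x}")
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if a.start <= b.end and b.start <= a.end:
                problems.append(f"{a.name} and {b.name} overlap")
    return problems


def audit(config_text):
    """Parse, derive and check in one step."""
    return check_regions(derive_regions(*parse_load_addrs(config_text)))


if __name__ == "__main__":
    issues = audit(SAMPLE_CONFIG)
    print("\n".join(issues) if issues else "firewall ranges OK")
```
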
* [PATCH v3 01/10] arm: dts: k3-binman: Use configs for ATF/OPTEE addresses
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Instead of hard-coding ATF and OPTEE addresses in firewall configuration
templates, use K3_*_LOAD_ADDR. Doing so ensures that if someone moves
ATF/OPTEE regions, the change gets picked up by binman without
explicitly having to modify dts files.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-binman.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
index 761b1730464..0fd93f9536a 100644
--- a/arch/arm/dts/k3-binman.dtsi
+++ b/arch/arm/dts/k3-binman.dtsi
@@ -476,8 +476,8 @@
permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
FWPERM_SECURE_PRIV_RWCD |
FWPERM_SECURE_USER_RWCD)>;
- start_address = <0x0 0x70000000>;
- end_address = <0x0 0x7001ffff>;
+ start_address = <0x0 CONFIG_K3_ATF_LOAD_ADDR>;
+ end_address = <0x0 (CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff)>;
};
firewall_armv8_optee_fg: template-8 {
control = <(FWCTRL_EN | FWCTRL_LOCK |
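Review bot: the ATF region length is still a bare literal on the new end_address line: `(CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff)` fixes a 128 KiB window, so the Kconfig can move the window but not resize it. Consider deriving the end from a named size (start + size - 1), or at least add a comment on that line stating the reserved size, so that a larger ATF build is not left partly outside the protected range without anyone noticing.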
@@ -485,8 +485,8 @@
permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
FWPERM_SECURE_PRIV_RWCD |
FWPERM_SECURE_USER_RWCD)>;
- start_address = <0x0 0x9e800000>;
- end_address = <0x0 0x9fffffff>;
+ start_address = <0x0 CONFIG_K3_OPTEE_LOAD_ADDR>;
+ end_address = <0x0 (CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff)>;
};
ti_falcon_template: template-9 {
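Review bot: in the OP-TEE template the upper address cell stays `0x0` on both start_address and end_address while the lower cell is now arbitrary Kconfig input, so `(CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff)` must stay within 32 bits for the region to describe what was intended. The removed literals guaranteed that by construction (0x9e800000 to 0x9fffffff); with a Kconfig symbol it needs a build-time range check or a documented constraint, ideally as a comment next to this template.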
--
2.34.1
* [PATCH v3 02/10] arm: dts: k3-am625-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in AM62x.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am625-sk-binman.dtsi | 29 ++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/arch/arm/dts/k3-am625-sk-binman.dtsi b/arch/arm/dts/k3-am625-sk-binman.dtsi
index 42edb35fa7b..8d6015e44a9 100644
--- a/arch/arm/dts/k3-am625-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am625-sk-binman.dtsi
@@ -275,6 +275,35 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
tifsstub-hs {
description = "TIFSSTUB";
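Review bot: style, at the end of the added block: the closing `};` of the new tee node runs straight into the existing `tifsstub-hs {` node with no empty line, while atf and tee are separated by one. Add an empty `+` line after the tee node so that sibling image nodes stay visually separated.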
--
2.34.1
* [PATCH v3 03/10] arm: dts: k3-am625-phycore-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE from non-secure
reads and writes in Phycore AM625 SOM.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am625-phycore-som-binman.dtsi | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
index a9bd5a2be84..5e777a1f305 100644
--- a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi
@@ -215,6 +215,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
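Review bot: the atf/tee block added here (firewall-1-0, firewall-1-1, firewall-1-2 and both auth-in-place lines) is the same text as the block added to k3-am625-sk-binman.dtsi in 02/10, so any later change to the region layout has to be repeated in every board file. If binman's templating allows it, define the two nodes once in a shared dtsi and pull them in here; otherwise a comment naming the file this was copied from would help keep the copies in step.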
--
2.34.1
* [PATCH v3 04/10] arm: dts: k3-am625-verdin-binman: Configure Firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in Verdin AM62 board.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
.../dts/k3-am625-verdin-wifi-dev-binman.dtsi | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
index 65fef6e4790..7b646629587 100644
--- a/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
+++ b/arch/arm/dts/k3-am625-verdin-wifi-dev-binman.dtsi
@@ -200,6 +200,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
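Review bot: `auth-in-place = <0xa02>;` appears in both the atf and the tee ti-secure nodes as a bare hex value, and neither the hunk nor the commit message says what it selects. A named macro, or a one-line comment on its first use in atf, would let a board maintainer judge whether the value is right for this board instead of copying it on trust.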
--
2.34.1
* [PATCH v3 05/10] arm: dts: k3-am62p-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in AM62P.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am62p-sk-binman.dtsi | 32 ++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/arch/arm/dts/k3-am62p-sk-binman.dtsi b/arch/arm/dts/k3-am62p-sk-binman.dtsi
index e1443d6226b..603487341d2 100644
--- a/arch/arm/dts/k3-am62p-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am62p-sk-binman.dtsi
@@ -217,6 +217,38 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
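Review bot: style: there is a stray empty `+` line before the closing `};` of each ti-secure node, after firewall-1-1 in atf and after firewall-1-2 in tee. Drop both; the equivalent blocks in the other AM62 patches of this series close the node directly after the last firewall entry.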
--
2.34.1
* [PATCH v3 06/10] arm: dts: k3-am62p5-verdin-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in Verdin AM62P board.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
.../dts/k3-am62p5-verdin-wifi-dev-binman.dtsi | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
index 57ce3c0b41c..b46e871ef8a 100644
--- a/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
+++ b/arch/arm/dts/k3-am62p5-verdin-wifi-dev-binman.dtsi
@@ -159,6 +159,38 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
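Review bot: style: both ti-secure nodes end with an empty `+` line before their closing `};` (after the firewall-1-1 entry in atf and after the firewall-1-2 entry in tee). Remove the two empty lines so the block matches the spacing used for the same nodes elsewhere in the series.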
--
2.34.1
* [PATCH v3 07/10] arm: dts: k3-am62a-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in AM62A.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am62a-sk-binman.dtsi | 30 ++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am62a-sk-binman.dtsi b/arch/arm/dts/k3-am62a-sk-binman.dtsi
index cb9a56b8c37..49c90f5855c 100644
--- a/arch/arm/dts/k3-am62a-sk-binman.dtsi
+++ b/arch/arm/dts/k3-am62a-sk-binman.dtsi
@@ -200,6 +200,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
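Review bot: the background entry for firewall id 1 (firewall-1-0, `insert-template = <&firewall_bg_3>;`) sits only under atf, while tee adds region 2 on the same id with no background entry of its own. If that split is intentional, say so in a comment in the tee node, so that a later reorder or removal of the atf image is not made without noticing that the tee region relies on a background configured in another node.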
--
2.34.1
* [PATCH v3 08/10] arm: dts: k3-am62a-phycore-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in Phycore AM62A SOM.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am62a-phycore-som-binman.dtsi | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
index a284226320c..6f82a40908f 100644
--- a/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am62a-phycore-som-binman.dtsi
@@ -165,6 +165,36 @@
fit {
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-2 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <2>;
+ };
+ };
+ };
+
tifsstub-hs {
description = "TIFSSTUB";
type = "firmware";
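Review bot: each node name repeats what its properties say (for example firewall-1-2 with `id = <1>;` and `region = <2>;`), and nothing in the hunk ties the two together, so a copy-and-edit can leave the name and the properties disagreeing. A short comment at the top of the atf node listing which regions of firewall 1 this file uses (0 background, 1 ATF, 2 OP-TEE) would make a mismatch, or a clash with a later entry, easy to spot.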
--
2.34.1
* [PATCH v3 09/10] arm: dts: k3-am64x-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in AM64x.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am64x-binman.dtsi | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/arch/arm/dts/k3-am64x-binman.dtsi b/arch/arm/dts/k3-am64x-binman.dtsi
index 32e47a3f688..f3c7f2c939d 100644
--- a/arch/arm/dts/k3-am64x-binman.dtsi
+++ b/arch/arm/dts/k3-am64x-binman.dtsi
@@ -139,6 +139,37 @@
#address-cells = <1>;
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-24-5 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <24>;
+ region = <5>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
dm {
blob-ext {
filename = "/dev/null";
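Review bot: missing documentation on the atf node: ATF is placed on firewall id 24, region 5, with no background entry, and the firewall_bg_3 background moves under tee, unlike the id 1 / regions 0 to 2 layout used in the AM62 patches of this series. Neither the hunk nor the commit message says why, so add a comment stating what firewall 24 guards on AM64x. Separately, there are two consecutive empty `+` lines between firewall-1-0 and firewall-1-1 in tee; keep one.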
--
2.34.1
* [PATCH v3 10/10] arm: dts: k3-am642-phycore-binman: Configure firewall for ATF/OPTEE
From: Suhaas Joshi @ 2026-01-27 8:16 UTC (permalink / raw)
To: u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
Add firewall configurations to protect ATF and OP-TEE memory regions
from non-secure reads and writes in Phycore AM64 SOM.
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
---
arch/arm/dts/k3-am642-phycore-som-binman.dtsi | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
index 966905bd64d..07cb79fd04a 100644
--- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
+++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi
@@ -141,6 +141,37 @@
#address-cells = <1>;
images {
+ atf {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-24-5 {
+ insert-template = <&firewall_armv8_atf_fg>;
+ id = <24>;
+ region = <5>;
+ };
+ };
+ };
+
+ tee {
+ ti-secure {
+ auth-in-place = <0xa02>;
+
+ firewall-1-0 {
+ insert-template = <&firewall_bg_3>;
+ id = <1>;
+ region = <0>;
+ };
+
+
+ firewall-1-1 {
+ insert-template = <&firewall_armv8_optee_fg>;
+ id = <1>;
+ region = <1>;
+ };
+ };
+ };
+
dm {
blob-ext {
filename = "/dev/null";
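Review bot: style: the tee node has two consecutive empty `+` lines between firewall-1-0 and firewall-1-1; keep one. The block is otherwise a copy of the one added to k3-am64x-binman.dtsi in 09/10, including the unexplained `id = <24>;` / `region = <5>;` pair for ATF, so a comment saying what firewall 24 covers is needed here as well.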
--
2.34.1
* Re: [PATCH v3 01/10] arm: dts: k3-binman: Use configs for ATF/OPTEE addresses
From: Andrew Davis @ 2026-01-27 16:01 UTC (permalink / raw)
To: Suhaas Joshi, u-boot
Cc: vigneshr, trini, n-francis, s-tripathi1, k-malarvizhi, kamlesh,
vishalm, d.schultz, w.egorov, francesco.dolcini, ggiordano
On 1/27/26 2:16 AM, Suhaas Joshi wrote:
> Instead of hard-coding ATF and OPTEE addresses in firewall configuration
> templates, use K3_*_LOAD_ADDR. Doing so ensures that if someone moves
> ATF/OPTEE regions, the change gets picked up by binman without
> explicitly having to modify dts files.
>
> Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
> ---
> arch/arm/dts/k3-binman.dtsi | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/dts/k3-binman.dtsi b/arch/arm/dts/k3-binman.dtsi
> index 761b1730464..0fd93f9536a 100644
> --- a/arch/arm/dts/k3-binman.dtsi
> +++ b/arch/arm/dts/k3-binman.dtsi
> @@ -476,8 +476,8 @@
> permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
> FWPERM_SECURE_PRIV_RWCD |
> FWPERM_SECURE_USER_RWCD)>;
> - start_address = <0x0 0x70000000>;
> - end_address = <0x0 0x7001ffff>;
> + start_address = <0x0 CONFIG_K3_ATF_LOAD_ADDR>;
> + end_address = <0x0 (CONFIG_K3_ATF_LOAD_ADDR + 0x1ffff)>;
Not an issue with this patch, this is better than before, but we still have
the size of TF-A and OP-TEE hardcoded here, and also here[0]. Might be good
to add a Kconfig symbol for the size of these at some point.
Andrew
[0] https://source.denx.de/u-boot/u-boot/-/blob/master/arch/arm/mach-k3/common_fdt.c#L175
> };
> firewall_armv8_optee_fg: template-8 {
> control = <(FWCTRL_EN | FWCTRL_LOCK |
> @@ -485,8 +485,8 @@
> permissions = <((FWPRIVID_ARMV8 << FWPRIVID_SHIFT) |
> FWPERM_SECURE_PRIV_RWCD |
> FWPERM_SECURE_USER_RWCD)>;
> - start_address = <0x0 0x9e800000>;
> - end_address = <0x0 0x9fffffff>;
> + start_address = <0x0 CONFIG_K3_OPTEE_LOAD_ADDR>;
> + end_address = <0x0 (CONFIG_K3_OPTEE_LOAD_ADDR + 0x17fffff)>;
> };
>
> ti_falcon_template: template-9 {
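Review bot: the control line just above this hunk sets FWCTRL_LOCK, and the two `+` lines in the hunk now take whatever CONFIG_K3_OPTEE_LOAD_ADDR holds. The removed literal 0x9e800000 was aligned by construction; nothing visible here keeps a relocated value aligned to the firewall's region granularity before a locked region is programmed from it. A comment on the template stating the required alignment, or a build-time check on the symbol, would close that gap.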
* Re: [PATCH v3 00/10] Firewall ATF and OP-TEE memory regions in Sitara
From: Tom Rini @ 2026-02-08 0:27 UTC (permalink / raw)
To: u-boot, Suhaas Joshi
Cc: vigneshr, n-francis, s-tripathi1, k-malarvizhi, kamlesh, vishalm,
d.schultz, w.egorov, francesco.dolcini, ggiordano
On Tue, 27 Jan 2026 13:46:42 +0530, Suhaas Joshi wrote:
> This series starts by replacing hard-coded addresses in firewall templates that are defined in
> k3-binman.dtsi with Kconfigs. Using Kconfigs makes it easier for someone to move ATF and OP-TEE to
> another location, since they wouldn't have to fiddle with the firewall configurations in dtsi files.
>
> The rest of the commits in this series add firewall configs to each device's dtsi files.
>
> I have only tested this patch series with TI boards. For non-TI Sitara boards, respective board
> maintainers are requested to test the relevant patch and confirm whether it works.
>
> [...]
Applied to u-boot/master, thanks!
[01/10] arm: dts: k3-binman: Use configs for ATF/OPTEE addresses
commit: 24338c81ec2f689f09d761afbcf28c8661d536b6
[02/10] arm: dts: k3-am625-binman: Configure firewall for ATF/OPTEE
commit: 27f105fbbda22291173155f105ae5242c6f08bd9
[03/10] arm: dts: k3-am625-phycore-binman: Configure firewall for ATF/OPTEE
commit: 0cee13fe86b8e2a4e2feb9cb447baaca914c0f97
[04/10] arm: dts: k3-am625-verdin-binman: Configure Firewall for ATF/OPTEE
commit: 13c54cf588d82b9df073933844443b5dabbdd739
[05/10] arm: dts: k3-am62p-binman: Configure firewall for ATF/OPTEE
commit: eaaec18f7a189dd5a46cb47b23366301b75ca13c
[06/10] arm: dts: k3-am62p5-verdin-binman: Configure firewall for ATF/OPTEE
commit: 0c3a6f748c90b88ad9af5c937f2c967cd0d6878a
[07/10] arm: dts: k3-am62a-binman: Configure firewall for ATF/OPTEE
commit: cb238a6b66ac0f6fe9b1e01d30224c30880ad8c0
[08/10] arm: dts: k3-am62a-phycore-binman: Configure firewall for ATF/OPTEE
commit: 3c6c2f3f5c228a869ec9d342852e201a7a662968
[09/10] arm: dts: k3-am64x-binman: Configure firewall for ATF/OPTEE
commit: 31d5d1b378b204f2743e317c44496a3869d0a83c
[10/10] arm: dts: k3-am642-phycore-binman: Configure firewall for ATF/OPTEE
commit: 64daef1ada4e29a4fe6975bd7ad2f9f128cefe04
--
Tom