3 files changed, 48 insertions, 0 deletions

diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
new file mode 100644
index 0000000000..2c634e350f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
@@ -0,0 +1,41 @@
+From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001
+From: Adam Johnston <adam.johnston@arm.com>
+Date: Tue, 25 Jul 2023 16:05:51 +0000
+Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd
+
+The physical memory which is used to run OP-TEE on the N1SDP is known
+to the secure world via TOS_FW_CONFIG, but it may not be known to the
+normal world.
+
+As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
+prevent the normal world from using it. This is not required on most
+platforms as the Trusted OS is run from secure RAM.
+
+Upstream-Status: Pending (not yet submited to upstream)
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
+index da5e04ddb6..b7e2d4e86f 100644
+--- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
++++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
+@@ -20,4 +20,16 @@
+ 		local-ddr-size = <0x0>;
+ 		remote-ddr-size = <0x0>;
+ 	};
++
++	reserved-memory {
++		#address-cells = <2>;
++		#size-cells = <2>;
++		ranges;
++
++		optee@0x08000000 {
++			compatible = "removed-dma-pool";
++			reg = <0x0 0x08000000 0x0 0x02000000>;
++			no-map;
++		};
++	};
+ };
+\ No newline at end of file
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 008103469e..2b85b9dbd1 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -37,6 +37,7 @@ EXTRA_OEMAKE:append = " \
                         NR_OF_IMAGES_IN_FW_BANK=4 \
                         COT=tbbr \
                         ARM_ROTPK_LOCATION=devel_rsa  \
+                        ERRATA_A35_855472=1 \
                         ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
                         BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
                         LOG_LEVEL=50 \
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
index f4ebcc1c5f..654e43270f 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
@@ -9,6 +9,12 @@ TFA_MBEDTLS        = "1"
 TFA_UBOOT          = "0"
 TFA_UEFI           = "1"
 
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
+
+SRC_URI:append = " \ 
+    file://0001-Reserve-OP-TEE-memory-from-nwd.patch \
+    "
+
 TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
 
 # Enabling Secure-EL1 Payload Dispatcher (SPD)