feat(security): Add note about firewall exception during boot

jsuhaas22 · StaticRocket · commit ce4a7e6343e2 · 2026-04-08T14:32:38.000-05:00
Add note about A53's speculative access into TF-A's firewalled region during
boot. This causes TIFS to log a read exception. The exception occurs only once,
since TF-A's memory is unmapped later.

Signed-off-by: Suhaas Joshi &lt;s-joshi@ti.com&gt;
diff --git a/source/linux/Foundational_Components/System_Security/Memory_Firewalls.rst b/source/linux/Foundational_Components/System_Security/Memory_Firewalls.rst
@@ -82,6 +82,13 @@ TIFS does not output logs by default. Enabling TIFS logging requires
 modifying U-Boot source code, recompiling it, and transferring the new
 binaries to the boot partition.
 
+.. note::
+
+   Currently, TIFS logs report a firewall read violation during boot. This
+   occurs because A53 speculatively accesses TF-A's memory region, which is
+   protected from non-secure access by a firewall. This occurs only once, since
+   TF-A's memory region is unmapped from the page table afterwards.
+
 Modify U-Boot Configuration
 ===========================
 
