imx8qm/qxp: Protect the lower 96K ocram used for SPL

Because the partition reboot won't reload the first level bootloader (SPL),
the SPL won't be authenticated. Users can corrupt the SPL image to break
the boot trust chain in secure boot if we don't protect that OCRAM area.

This patch configures the memory area from 0x0 to 0x118000 only accessed by
secure partition (ATF and OPTEE). Non-secure partitions (u-boot and kernel)
can't access it.

Signed-off-by: Ye Li <>
(cherry picked from commit 1eff7d3ef6f121782e56bb1807744ede48b8580b)
4 files changed