On Fri, Jun 27, 2025 at 06:04:04PM +0200, Marco Felsch wrote:
> On 25-06-27, Sascha Hauer wrote:
> > On ARMv7 there is no direct way to detect if we are in the secure or non
> > secure world. Add a imx6_can_access_tzasc() for this purpose. When
> > accessing the TZASC triggers a data abort then we are in the non secure
> > world. This function can be used later to detect if we have to load
> ^
> because OP-TEE configures the TZASC access policy to secure-world R/W. ?
Will add.
>
> Keep in mind that this test will fail if a downstream/buggy OP-TEE
> doesn't configure the CSU correctly. Fingers crossed that this never
> will never happen.
When you are using this buggy OP-TEE for security relevant stuff you're
screwed anyway.
When in this case barebox tries to start OP-TEE again and your board
crashes because of this then you are lucky as this could give you a hint
that there's really something wrong.
> > +bool imx6_can_access_tzasc(void)
> > +{
> > + if (!IS_ENABLED(CONFIG_ARM_EXCEPTIONS_PBL))
> > + panic("%s only works with CONFIG_ARM_EXCEPTIONS_PBL\n",
> > __func__);
> > +
> > + arm_pbl_init_exceptions();
>
> Can't we do that within the imx*_cpu_lowlevel_init?
No, we need a proper C environment for this which is not guaranteed in
these functions.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
