Hi Ilias

> -----Original Message-----
> From: Ilias Apalodimas <[email protected]>
> Sent: Friday, May 24, 2019 9:57 PM
> To: Udit Kumar <[email protected]>
> Cc: [email protected]; Varun Sethi <[email protected]>
> Subject: Re: [EXT] Securing the boot flow in U-Boot
>
> Caution: EXT Email
>
> Hi Udit,
>
> > > What do you think?
> >
> > Here we are talking about image signing and image validation.
> > I am not sure what your plan is to make the key database (platform
> > key, KEK and DBs) secure while writing.
>
> AFAIU, this is one of the requirements of secure UEFI: these secure variables
> should be written in MM mode.
> The plan on that is to run StMM as an OP-TEE TA.
> This will allow us to run StMM + fTPM simultaneously.
> The current plan is to support the UEFI specs on U-Boot without having secure
> variable storage. That one is our next step.
Maybe I am asking too early about your next step.
Where do you see the flash driver sitting? Possible options I see:

1/ In OP-TEE, and StMM makes a sys-call to access it
2/ In TF-A (EL3) itself, and StMM makes SMC calls
3/ OP-TEE does a sort of mmap of the flash controller area and the driver resides in Sec-EL0 itself

> Thanks
> /Ilias

_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture
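To make concrete what the key database (PK, KEK, db) and the MM-mode write path discussed in this thread protect, the following Python model shows the authenticated-variable checks that StMM performs on every update: each variable may only be rewritten with a signature from the level above it (PK authorises KEK, KEK authorises db), a stale timestamp is rejected so an old update cannot be replayed, and image validation is a lookup against db. This is an added illustration written for this message, not code from U-Boot, EDK2 StandaloneMM or OP-TEE. Real UEFI variables hold X.509 certificates and updates carry PKCS#7 signatures (EFI_VARIABLE_AUTHENTICATION_2); here HMAC-SHA256 with a shared secret stands in for a signature so the script runs offline, and every key name and image byte string is constructed. The point for the flash-driver placement question is that these checks only hold if the stored key sets cannot be modified through any path other than this write() call, which is exactly what keeping the driver in the secure world buys.

```python
"""Toy model of the UEFI authenticated-variable hierarchy (PK -> KEK -> db).

Added illustration for this thread; not code from U-Boot, StMM or OP-TEE.
HMAC-SHA256 with a shared secret stands in for a PKCS#7 signature so the
script needs only the standard library.  All keys and images are constructed.
"""
import hashlib
import hmac


def sign(key, var, timestamp, payload):
    """Stand-in for a signature over (variable name, timestamp, data)."""
    msg = var.encode() + timestamp.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def encode_keys(keys):
    """Serialise a set of keys as the variable payload (comma separated)."""
    return b",".join(sorted(keys))


def decode_keys(payload):
    return set(payload.split(b",")) if payload else set()


class SecureVariableStore:
    """What StMM keeps in secure storage: key sets plus per-variable timestamps."""

    # Which variable's keys may authorise an update to each variable.
    AUTHORITY = {"PK": "PK", "KEK": "PK", "db": "KEK"}

    def __init__(self):
        self.keys = {"PK": set(), "KEK": set(), "db": set()}
        self.timestamps = {"PK": 0, "KEK": 0, "db": 0}

    def write(self, var, payload, timestamp, signature):
        """Authenticated write; returns (accepted, reason)."""
        if var not in self.keys:
            return False, "unknown variable"
        if var == "PK" and not self.keys["PK"]:
            # Setup mode: no PK enrolled yet, so the first PK write is accepted.
            self.keys["PK"] = decode_keys(payload)
            self.timestamps["PK"] = timestamp
            return True, "PK enrolled (setup mode)"
        if timestamp <= self.timestamps[var]:
            # Time-based authenticated writes must be strictly newer than the
            # stored timestamp; this blocks replay of a previously valid update.
            return False, "timestamp not newer than stored (replay/rollback)"
        authority = self.AUTHORITY[var]
        if not any(hmac.compare_digest(signature, sign(k, var, timestamp, payload))
                   for k in self.keys[authority]):
            return False, "not signed by an enrolled %s key" % authority
        self.keys[var] = decode_keys(payload)
        self.timestamps[var] = timestamp
        return True, "accepted"

    def verify_image(self, image, signature):
        """Image validation: accept only if signed by a key enrolled in db."""
        return any(hmac.compare_digest(signature, hmac.new(k, image, hashlib.sha256).digest())
                   for k in self.keys["db"])


def demo():
    """Walk through the hierarchy with constructed keys; returns each outcome."""
    platform_key = b"constructed-platform-owner-key"
    oem_key = b"constructed-oem-kek-key"
    vendor_key = b"constructed-vendor-db-key"
    rogue_key = b"constructed-unenrolled-key"
    store = SecureVariableStore()
    results = {}

    # 1. Enrol PK while in setup mode.
    results["enroll_pk"] = store.write("PK", encode_keys({platform_key}), 1, b"")
    # 2. KEK update signed by PK: accepted.
    p = encode_keys({oem_key})
    results["kek_by_pk"] = store.write("KEK", p, 2, sign(platform_key, "KEK", 2, p))
    # 3. db update signed by a KEK key: accepted.
    p = encode_keys({vendor_key})
    results["db_by_kek"] = store.write("db", p, 3, sign(oem_key, "db", 3, p))
    # 4. db update signed by a key that is not in KEK: rejected.
    p = encode_keys({rogue_key})
    results["db_by_rogue"] = store.write("db", p, 4, sign(rogue_key, "db", 4, p))
    # 5. Replay of the valid update from step 3 (same timestamp): rejected.
    p = encode_keys({vendor_key})
    results["db_replay"] = store.write("db", p, 3, sign(oem_key, "db", 3, p))
    # 6. PK rotation signed by a non-PK key: rejected.
    p = encode_keys({rogue_key})
    results["pk_by_rogue"] = store.write("PK", p, 5, sign(rogue_key, "PK", 5, p))
    # 7. Image validation against db.
    image = b"constructed kernel image bytes"
    results["image_vendor"] = store.verify_image(
        image, hmac.new(vendor_key, image, hashlib.sha256).digest())
    results["image_rogue"] = store.verify_image(
        image, hmac.new(rogue_key, image, hashlib.sha256).digest())
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Run it as a script to see each outcome; `demo()` returns the same results so the walk-through can be checked programmatically. Whichever of the three flash-driver placements is chosen, the property this model relies on is that `write()` is the only route to the stored key sets: an unauthenticated raw write path reachable from the normal world would make every check above moot.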
