Hi, On 30 July 2015 at 09:43, Stephen Warren <swar...@wwwdotorg.org> wrote: > > On 07/30/2015 05:04 AM, Thierry Reding wrote: >> >> On Wed, Jul 29, 2015 at 01:47:58PM -0600, Stephen Warren wrote: >>> >>> From: Stephen Warren <swar...@nvidia.com> >>> >>> Additionally, ARM64 devices typically run a secure monitor in EL3 and >>> U-Boot in EL2, and set up some secure RAM carve-outs to contain the EL3 >>> code and data. These carve-outs are located at the top of 32-bit address >>> space. Restrict U-Boot's RAM usage to well below the location of those >>> carve-outs. Ideally, we would the secure monitor would inform U-Boot of >>> exactly which RAM it could use at run-time. However, I'm not sure how to >>> do that at present (and even if such a mechanism does exist, it would >>> likely not be generic across all forms of secure monitor). >> >> >> 0xe0000000-0xffffffff is 512 MiB, surely a secure monitor can live with >> less than that! > > > I'm sure it does. However, it's a nice round number and leaves plenty of > space for arbitrary expansion of the secure monitor, secure OS, other > security-related carve-outs, (video regions, LP0 resume firmware, etc.) > There's still plenty of space left for U-Boot after that.
I'd really hope that these can be in U-Boot's remit. except perhaps the secure OS. Should we figure out how to build the secure monitor within the U-Boot environment? Is creating a bootable image going to become really complicated? Why would video regions and resume firmware not be set up by U-Boot? Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
