Ye Li <[email protected]> wrote on Mon, 8 June 2026, 03:43:

> Hi Richard,
>
> On 6/5/2026 10:52 PM, Richard Weinberger wrote:
> > CC'ing Ye Li.
> >
> > On Thursday, 4 June 2026 19:24 Richard Weinberger wrote:
> >> Hello!
> >>
> >> FYI, in arch/arm/mach-imx/imx8m/soc.c enable_tzc380() U-Boot configures
> >> region0 to allow secure and non-secure world access.
> >> This is known to be problematic and allows circumventing the TrustZone due to
> >> memory aliasing[0][1].
> >>
> >> It also causes recent OP-TEE to panic at startup:
> >> E/TC:0 0 Panic 'region0 is not secure configured, non-secure memory alias access possible!' at core/arch/arm/plat-imx/tzc380.c:217 <imx_configure_tzasc>
> >>
> >> This is not a theoretical issue.
> >> On my i.mx8mm evk Board I was able to exploit this and dump all OP-TEE memory from Linux.
> >
> > I suggest reverting commit b3cf0a8f03d162e030cde1131751d060853e16fc
> > Author: Ye Li <[email protected]>
> > Date:   Tue Aug 27 06:25:34 2019 +0000
> >
> >     imx8m: Configure trustzone region 0 for non-secure access
> >
> >     Set trustzone region 0 to allow both non-secure and secure access
> >     when trust zone is enabled. We found USB controller fails to access
> >     DDR if the default region 0 is secure access only.
> >
> >     Signed-off-by: Ye Li <[email protected]>
> >     Signed-off-by: Peng Fan <[email protected]>
> >
> > Thanks,
> > //richard
>
> We have discussed this with iMX optee owner. The fix should be done in
> OPTEE not u-boot.
> 1. OPTEE uses secure memory, so it needs to re-configure trustzone to
>    meet secure requirement not depending on SPL setting.
> 2. SPL also supports Non-optee case.
>
> Best regards,
> Ye Li

Can you please point to this discussion?

Thanks,
//richard
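
The region0 permission check discussed in this thread, as an added example that is not part of the original mail and is neither U-Boot nor OP-TEE code. It assumes the TZC-380 region_attributes layout from the Arm TZC-380 TRM (sp field in bits [31:28], register at offset 0x108 + 0x10 * n); the helper names and the sample register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed TZC-380 region_attributes_<n> layout (Arm TZC-380 TRM):
 * bits [31:28] = sp<n>: bit3 secure read, bit2 secure write,
 *                       bit1 non-secure read, bit0 non-secure write. */
#define TZC_ATTR_SP_SHIFT 28u
#define TZC_SP_NS_W 0x1u
#define TZC_SP_NS_R 0x2u
#define TZC_SP_S_W  0x4u
#define TZC_SP_S_R  0x8u

/* Byte offset of region_attributes_<n> from the controller base. */
static uint32_t tzc380_attr_offset(unsigned region)
{
    return 0x108u + 0x10u * region;
}

/* Extract the 4-bit security permission field. */
static unsigned tzc380_sp(uint32_t attr)
{
    return (attr >> TZC_ATTR_SP_SHIFT) & 0xfu;
}

/* Non-zero when the normal world may read or write the region.
 * Region 0 is the background region covering the whole address
 * space, so any non-secure bit here leaves aliases of secure DRAM
 * reachable from the normal world. */
static int tzc380_region_ns_accessible(uint32_t attr)
{
    return (tzc380_sp(attr) & (TZC_SP_NS_R | TZC_SP_NS_W)) != 0;
}

int main(void)
{
    /* Constructed sample values, not read from hardware:
     * sp = 0xf (secure + non-secure RW) and sp = 0xc (secure RW only). */
    const uint32_t samples[] = { 0xf0000000u, 0xc0000000u };

    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("region0 attr @+0x%x = 0x%08x sp=0x%x -> %s\n",
               (unsigned)tzc380_attr_offset(0), (unsigned)samples[i],
               tzc380_sp(samples[i]),
               tzc380_region_ns_accessible(samples[i])
                   ? "non-secure access allowed" : "secure only");
    return 0;
}
```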

