On 6/9/2026 2:53 PM, Richard Weinberger wrote:
Ye Li,

On Tuesday, 9 June 2026 03:44 Ye Li wrote:
     We have discussed this with iMX optee owner. The fix should be done in
     OPTEE not u-boot.
     1. OPTEE uses secure memory, so it needs to re-configure trustzone to
     meet secure requirement not depending on SPL setting.
     2. SPL also supports Non-optee case.

     Best regards,
     Ye Li


Can you please point to this discussion?

It is our internal discussion not on community thread. I add Sahil to
comment for optee. And please notice, trustzone should be enabled before
DDR initialization. So it should be in SPL not optee. Optee can
reconfigure trustzone setting.

But U-Boot right now harms the TZASC settings.

This is exactly why upstream OP-TEE has the following guard:
commit 443c5817de47f1bd19091b419806898070382a67
Author: Marco Felsch <[email protected]>
Date:   Tue Jun 17 13:27:53 2025 +0200

     drivers: imx: tzc380: add support to verify region0

     There are platforms where memory aliasing can't be prevented, e.g. the
     i.MX8M. If the previous running firmware configured region0, which
     covers the whole AXI address space, to be accessible from secure and
     non-secure world the OP-TEE core memory would be accessible via memory
     aliasing.

     To prevent such attacks we need to ensure that region0 is accessible
     from the secure world only.

     Reviewed-by: Sahil Malhotra <[email protected]>
     Signed-off-by: Marco Felsch <[email protected]>

Upstream A-TF also used to misconfigure region0, this got fixed by:
https://github.com/ARM-software/arm-trusted-firmware/commit/9bf148071aad597e7fe7d1080c00aeb35b67a3dd

So, why is U-Boot working *against* upstream?
Instead of using the sledgehammer and enable normal world access to the whole
region0, apply a more precise fix to make these USB masters work.
I know, with downstream IMX OP-TEE it's less of a problem, because you carry 
this change:

commit c09d6e9da171f8c5ee42b42ff144b320761a5f16
Author: Sahil Malhotra <[email protected]>
Date:   Mon Aug 4 20:08:59 2025 +0200

     LFOPTEE-468 core: plat-imx: tzc380: update TZASC configuration

     In order to prevent Memory aliasing, need to ensure that region0
     is accessible from secure world only.

     Signed-off-by: Sahil Malhotra <[email protected]>

Why can't this optee patch apply to optee upstream? It is optee using secure memory, then it should be optee's responsibility to configure trustzone correctly. Optee can't depend on default value of trustzone, since trustzone is not enabled by optee.

Best regards,
Ye Li

Thanks,
//richard
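
The region0 check that the quoted commit messages describe, as an added example that is not part of the thread and is not OP-TEE, TF-A or U-Boot code. It assumes the TZC-380 layout in which `region_attributes_0` sits at offset 0x108 with the `sp` permission field in bits [31:28]; all names are hypothetical and the register window is constructed in memory so it runs without hardware.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed TZC-380 layout: region_attributes_0 at 0x108, sp in bits [31:28]. */
#define TZC380_REGION0_ATTR_OFF 0x108u
#define TZC380_SP_SHIFT         28
#define TZC380_SP_MASK          0xFu
#define TZC380_SP_NS_W          (1u << 0)
#define TZC380_SP_NS_R          (1u << 1)
#define TZC380_SP_S_W           (1u << 2)
#define TZC380_SP_S_R           (1u << 3)
#define TZC380_SP_S_RW          (TZC380_SP_S_R | TZC380_SP_S_W)

enum region0_state {
    REGION0_SECURE_ONLY,   /* sp is exactly secure read/write */
    REGION0_NS_ACCESSIBLE, /* any non-secure bit set: aliasing exposure */
    REGION0_OTHER          /* no non-secure access, but not plain secure RW */
};

/* Classify region0 from a TZC-380 register window (hypothetical helper). */
enum region0_state tzc380_region0_state(const volatile uint32_t *base)
{
    uint32_t attr = base[TZC380_REGION0_ATTR_OFF / sizeof(uint32_t)];
    uint32_t sp = (attr >> TZC380_SP_SHIFT) & TZC380_SP_MASK;

    /* Region0 spans the whole address space, so one non-secure bit here
     * is enough to reach secure memory through an aliased address. */
    if (sp & (TZC380_SP_NS_R | TZC380_SP_NS_W))
        return REGION0_NS_ACCESSIBLE;
    return sp == TZC380_SP_S_RW ? REGION0_SECURE_ONLY : REGION0_OTHER;
}

/* Constructed register window holding only the region0 attribute value. */
enum region0_state classify_constructed(uint32_t region0_attr)
{
    uint32_t regs[0x200 / sizeof(uint32_t)] = { 0 };

    regs[TZC380_REGION0_ATTR_OFF / sizeof(uint32_t)] = region0_attr;
    return tzc380_region0_state(regs);
}

/* Policy a secure-world component could apply to what earlier stages left. */
bool region0_ok_for_secure_world(const volatile uint32_t *base)
{
    return tzc380_region0_state(base) == REGION0_SECURE_ONLY;
}
```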
