[PATCH 09/14] ARM: i.MX: add imx6_can_access_tzasc()

Sascha Hauer s.hauer at pengutronix.de
Fri Jun 27 10:48:01 PDT 2025


On Fri, Jun 27, 2025 at 06:04:04PM +0200, Marco Felsch wrote:
> On 25-06-27, Sascha Hauer wrote:
> > On ARMv7 there is no direct way to detect if we are in the secure or non
> > secure world. Add a imx6_can_access_tzasc() for this purpose. When
> > accessing the TZASC triggers a data abort then we are in the non secure
> > world. This function can be used later to detect if we have to load
>        ^
> because OP-TEE configures the TZASC access policy to secure-world R/W. ?

Will add.

> 
> Keep in mind that this test will fail if a downstream/buggy OP-TEE
> doesn't configure the CSU correctly. Fingers crossed that this never
> will never happen.

When you are using this buggy OP-TEE for security relevant stuff you're
screwed anyway.

When in this case barebox tries to start OP-TEE again and your board
crashes because of this then you are lucky as this could give you a hint
that there's really something wrong.

> > +bool imx6_can_access_tzasc(void)
> > +{
> > +	if (!IS_ENABLED(CONFIG_ARM_EXCEPTIONS_PBL))
> > +		panic("%s only works with CONFIG_ARM_EXCEPTIONS_PBL\n", __func__);
> > +
> > +	arm_pbl_init_exceptions();
> 
> Can't we do that within the imx*_cpu_lowlevel_init?

No, we need a proper C environment for this which is not guaranteed in
these functions.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the barebox mailing list