[PATCH 09/14] ARM: i.MX: add imx6_can_access_tzasc()
Marco Felsch
m.felsch at pengutronix.de
Fri Jun 27 10:54:38 PDT 2025
On 25-06-27, Sascha Hauer wrote:
> On Fri, Jun 27, 2025 at 06:04:04PM +0200, Marco Felsch wrote:
> > On 25-06-27, Sascha Hauer wrote:
> > > On ARMv7 there is no direct way to detect if we are in the secure or non
> > > secure world. Add a imx6_can_access_tzasc() for this purpose. When
> > > accessing the TZASC triggers a data abort then we are in the non secure
> > > world. This function can be used later to detect if we have to load
> > ^
> > because OP-TEE configures the TZASC access policy to secure-world R/W. ?
>
> Will add.
>
> >
> > Keep in mind that this test will fail if a downstream/buggy OP-TEE
> > doesn't configure the CSU correctly. Fingers crossed that this never
> > will never happen.
>
> When you are using this buggy OP-TEE for security relevant stuff you're
> screwed anyway.
>
> When in this case barebox tries to start OP-TEE again and your board
> crashes because of this then you are lucky as this could give you a hint
> that there's really something wrong.
Yes, you're right.
> > > +bool imx6_can_access_tzasc(void)
> > > +{
> > > + if (!IS_ENABLED(CONFIG_ARM_EXCEPTIONS_PBL))
> > > + panic("%s only works with CONFIG_ARM_EXCEPTIONS_PBL\n", __func__);
> > > +
> > > + arm_pbl_init_exceptions();
> >
> > Can't we do that within the imx*_cpu_lowlevel_init?
>
> No, we need a proper C environment for this which is not guaranteed in
> these functions.
Ah, right.
Regards,
Marco
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
More information about the barebox
mailing list