[PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL
Michael Walle
michael at walle.cc
Mon Jan 31 23:02:39 CET 2022
Hi,
Am 2022-01-31 22:45, schrieb ZHIZHIKIN Andrey:
>> From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Gaurav Jain
>> Sent: Wednesday, January 12, 2022 2:31 PM
>> To: u-boot at lists.denx.de
>> Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam
>> <festevam at gmail.com>; Peng Fan
>> <peng.fan at nxp.com>; Simon Glass <sjg at chromium.org>; Michael Walle
>> <michael at walle.cc>; Priyanka Jain <priyanka.jain at nxp.com>; Ye Li
>> <ye.li at nxp.com>;
>> Horia Geanta <horia.geanta at nxp.com>; Ji Luo <ji.luo at nxp.com>; Franck
>> Lenormand
>> <franck.lenormand at nxp.com>; Silvano Di Ninno
>> <silvano.dininno at nxp.com>; Sahil
>> malhotra <sahil.malhotra at nxp.com>; Pankaj Gupta
>> <pankaj.gupta at nxp.com>; Varun
>> Sethi <V.Sethi at nxp.com>; NXP i . MX U-Boot Team <uboot-imx at nxp.com>;
>> Shengzhou
>> Liu <Shengzhou.Liu at nxp.com>; Mingkai Hu <mingkai.hu at nxp.com>; Rajesh
>> Bhagat
>> <rajesh.bhagat at nxp.com>; Meenakshi Aggarwal
>> <meenakshi.aggarwal at nxp.com>; Wasim
>> Khan <wasim.khan at nxp.com>; Alison Wang <alison.wang at nxp.com>; Pramod
>> Kumar
>> <pramod.kumar_1 at nxp.com>; Tang Yuantian <andy.tang at nxp.com>; Adrian
>> Alonso
>> <adrian.alonso at nxp.com>; Vladimir Oltean <olteanv at gmail.com>; Gaurav
>> Jain
>> <gaurav.jain at nxp.com>
>> Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for
>> supporting DM
>> in SPL
>>
>> disabled use of JR0 in SPL and uboot, as JR0 is reserved
>> for secure boot.
>
> I'd like to return the original question here, which was not
> completely clarified
> during previous reviews: where does the reservation restriction is
> coming from?
>
> BootROM does reserve the JR0 and JR1, which are later released by ATF.
> NXP downstream
> ATF keeps the JR0 reserved, but upstream ATF does release *all* JRs to
> NS World.
>
> If this reservation is taken like the patch proposes and U-Boot is
> built with upstream
> ATF - this would eventually lead to the situation where the HW
> configuration is not
> aligned with what DTB indicates.
>
> Please note, that recent OP-TEE release has also re-mapped the JR it
> uses from JR0 to
> JR2, which can also lead to usage of the JR which is already taken by
> OP-TEE. There is
> an ongoing PR in OP-TEE to disable JR nodes via DT overlay for Linux
> [1], but I'm not
> sure if the same applies to U-Boot as well.
From the referenced PR:
| On imx8m platforms, OP-TEE has no direct access to the Linux device
| tree. The OP-TEE CAAM driver must disable the secure JR thought the
| device tree overlay.
Why is that the case? That "we create some kind of overlay and
hope it will fit" sounds very fragile to me. Who is applying this
overlay? Will it be applied for u-boot and linux or just for linux?
-michael
[1] https://github.com/OP-TEE/optee_os/pull/5143
More information about the U-Boot
mailing list