[U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal

Bryan O'Donoghue bryan.odonoghue at linaro.org
Tue Apr 30 01:28:04 UTC 2019



On 25/04/2019 04:24, Breno Matheus Lima wrote:
> I couldn't get encrypted boot working in my first attempt, doing the
> exact same procedure with commit 22191ac35344 ("drivers/crypto/fsl:
> assign job-rings to non-TrustZone") reverted works fine.

Hi Breno,

I noticed another patch from you re: dek blob, does that address this 
issue for you are is this still a live thing ?

If you are running in secure-world, and the BootROM dek blob stuff 
validates job-ring ownership it _should_ be possible to flip the 
ownership bits to what the BootROM expects and then back again.

If its not working, presumably its because we aren't flipping ownership 
at the right time.

Maybe better to set permissions to secure-world while we are in u-boot 
and then switch to normal world before we hand over to the next boot phase.

---
bod


More information about the U-Boot mailing list