[U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal
Bryan O'Donoghue
bryan.odonoghue at linaro.org
Tue Apr 30 01:28:04 UTC 2019
On 25/04/2019 04:24, Breno Matheus Lima wrote:
> I couldn't get encrypted boot working in my first attempt, doing the
> exact same procedure with commit 22191ac35344 ("drivers/crypto/fsl:
> assign job-rings to non-TrustZone") reverted works fine.
Hi Breno,
I noticed another patch from you re: dek blob, does that address this
issue for you are is this still a live thing ?
If you are running in secure-world, and the BootROM dek blob stuff
validates job-ring ownership it _should_ be possible to flip the
ownership bits to what the BootROM expects and then back again.
If its not working, presumably its because we aren't flipping ownership
at the right time.
Maybe better to set permissions to secure-world while we are in u-boot
and then switch to normal world before we hand over to the next boot phase.
---
bod
More information about the U-Boot
mailing list