[U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal
Bryan O'Donoghue
bryan.odonoghue at linaro.org
Tue Apr 30 08:13:26 UTC 2019
On 30/04/2019 02:28, Bryan O'Donoghue wrote:
>
>
> On 25/04/2019 04:24, Breno Matheus Lima wrote:
>> I couldn't get encrypted boot working in my first attempt, doing the
>> exact same procedure with commit 22191ac35344 ("drivers/crypto/fsl:
>> assign job-rings to non-TrustZone") reverted works fine.
>
> Hi Breno,
>
> I noticed another patch from you re: dek blob, does that address this
> issue for you are is this still a live thing ?
>
> If you are running in secure-world, and the BootROM dek blob stuff
> validates job-ring ownership it _should_ be possible to flip the
> ownership bits to what the BootROM expects and then back again.
>
> If its not working, presumably its because we aren't flipping ownership
> at the right time.
It occurred to me after I went to bed.
The right thing to do is leave the BootROM settings up until we hand-off
and then set the required post-boot settings.
Something I reckon can be ~easily done in some sort of architectural
handover preparation function.
I'll spin that patchset.
---
bod
More information about the U-Boot
mailing list