[PATCH v4 02/16] arm: mach-k3: Add basic support for J784S4 SoC definition

Nishanth Menon nm at ti.com
Wed Oct 4 14:24:25 CEST 2023


On 10:43-20231004, Manorit Chawdhry wrote:

> These are required to remove the firewall configurations that are done
> by ROM, those are not the ones that are being handled by OIDs. The

I am not sure I understand this clearly. OIDs are set up to open up
firewalls or close firewalls as the system requires and since it
is authenticated, not compromisable. U-Boot by itself (even if
authenticated), is not a secure entity for it to dictate the firewall
configuration (U-Boot must be assumed to be compromised after
authentication is complete). So, doing firewall configuration via APIs
after boot, to me, looks like a broken approach.

> current series that is being worked on is to add additional firewalling
> support with OIDs that TIFS will be handling.
> The above patch is
> essentially added to have the same development experience on GP devices
> similar to HS after the secure boot is done so that people don't end up

huh? the code seems to blindly call the remove_fwl_configs(cbass_hc_cfg0_fwls, ARRAY_SIZE(cbass_hc_cfg0_fwls));
where is the distinction of HS vs GP here? This implementation looks
completely broken to me at least.. please correct what I missed here.

-- 
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3  1A34 DDB5 849D 1736 249D

