[PATCH 00/17] (no cover subject)
Marek Vasut
marex at denx.de
Mon Nov 4 16:39:02 CET 2024
On 11/4/24 1:39 PM, Peng Fan wrote:
>> Subject: Re: [PATCH 00/17] (no cover subject)
>>
>> On 11/4/24 1:20 PM, Peng Fan wrote:
>>>> Subject: Re: [PATCH 00/17] (no cover subject)
>>>>
>>>> On 10/16/24 9:17 AM, Alice Guo wrote:
>>>>> This patch set adds the basic support of i.MX95 and has been
>> tested
>>>> on
>>>>> i.MX95 19x19 EVK.
>>>> I have a somewhat more generic question -- can we start U-Boot SPL
>>>> and U-Boot first, and start the ELE/OpTee/... whatever firmwares
>>>> AFTER U-Boot has started, so they can be updated just like the
>> kernel
>>>> can be updated ?
>>>
>>> ELE Firmware packed in flash.bin is used by ROM, out of control of
>>> SPL/U-Boot.
>>
>> Used by ROM how ? Details please ?
>
> ELE Firmware is for secure enclave usage. 8ULP/93 also has it.
> I could not share more details.
Is this some magic proprietary closed source goo ?
Why can this not be started from U-Boot just like OpTee-OS which
implements TEE for Secure TEE trustlets (or whatever that is called) ?
>>> OP-Tee is optional, but if it is there, it could only be loaded by SPL
>>> and kicked by ATF
>> Why ? U-Boot running in EL3 can start OpTee OS, so what is the
>> problem ?
>
> Ah. As we know there is a wrapper in ATF controlled with spd_optee.
> Technically let uboot in EL3 to kick optee is feasible, but I am not
> sure people would do this.
Because if there is a bug in OpTee, it can be safely updated just like
the kernel can be safely updated -- just boot the other copy as a
fallback. If the Optee is baked into your flash.bin , you have to update
bootloader, which is dangerous.
More information about the U-Boot
mailing list