[PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read with trampoline buffer
Marek Vasut
marex at denx.de
Sun Jan 5 22:43:43 CET 2025
On 1/3/25 7:45 AM, Alice Guo wrote:
> From: Ye Li <ye.li at nxp.com>
>
> When SPL loads an image into a secure region, for example ATF and TEE
> into the DDR secure region, the USDHC controller, being a non-secure
> master, can't access this region, which causes a loading issue.
>
> So override h_spl_load_read to use a trampoline buffer in the
> non-secure region, then use the CPU to copy the image from the
> trampoline buffer to the destination secure region.
Can the attacker intercept this and rewrite the soon-to-be-secure-only
software with something that would later allow them to take over the
system? For example, could the attacker flip some secure-test bit in
the TEE while it is in non-secure DRAM and before it is copied in the
secure location, and make TEE accept privileged SMC operations from any
unprivileged software?
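Added example, not part of Ye Li's patch or of U-Boot: a stand-alone C model of the trampoline load in which the integrity check is taken over the final secure copy rather than over the non-secure window, so that a change made to a chunk while it sat in non-secure DRAM is caught. The names trampoline_load, storage_read, card_image and simulate_tamper, and the FNV-1a digest, are assumptions standing in for the real h_spl_load_read, the USDHC backend and the image signature verification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins: a small non-secure window the storage controller may
 * DMA into, and the secure destination only the CPU is allowed to write. */
#define TRAMPOLINE_SIZE 16
static uint8_t trampoline[TRAMPOLINE_SIZE];
static uint8_t secure_dst[64];
int simulate_tamper; /* test hook: corrupt a chunk while it sits in the window */
/* Hypothetical storage backend reading from a constructed "card" image. */
static const uint8_t card_image[] = "ATF-or-TEE-payload-constructed-for-demo";
static size_t storage_read(size_t off, size_t size, void *buf)
{
    if (off >= sizeof(card_image)) return 0;
    if (off + size > sizeof(card_image)) size = sizeof(card_image) - off;
    memcpy(buf, card_image + off, size);
    return size;
}
/* FNV-1a stands in for the hash/signature check a secure boot flow does. */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
/* Chunked trampoline load: the controller writes only into the non-secure
 * window, the CPU moves each chunk onward. Returns bytes placed in dst. */
size_t trampoline_load(size_t off, size_t size, uint8_t *dst)
{
    size_t done = 0;
    while (done < size) {
        size_t chunk = size - done < TRAMPOLINE_SIZE ? size - done : TRAMPOLINE_SIZE;
        size_t got = storage_read(off + done, chunk, trampoline);
        if (got == 0) break;
        if (simulate_tamper) trampoline[0] ^= 0x01; /* test hook only */
        memcpy(dst + done, trampoline, got);
        done += got;
    }
    return done;
}
/* Verify in the final secure location, not in the window: a change made to a
 * chunk while it was in non-secure DRAM shows up as a digest mismatch. */
int load_and_verify(size_t off, size_t size, uint32_t expected)
{
    size_t n = trampoline_load(off, size, secure_dst);
    return n == size && fnv1a(secure_dst, n) == expected;
}
```

A short read (image smaller than requested) also fails the check, since the length is compared before the digest.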