Re: Re: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read with trampoline buffer
Marek Vasut
marex at denx.de
Tue Jan 7 12:21:30 CET 2025
On 1/7/25 11:04 AM, Alice Guo (OSS) wrote:
>> -----Original Message-----
>> From: Marek Vasut <marex at denx.de>
>> Sent: January 6, 2025 5:44
>> To: Alice Guo (OSS) <alice.guo at oss.nxp.com>; Tom Rini
>> <trini at konsulko.com>; Stefano Babic <sbabic at denx.de>; Fabio Estevam
>> <festevam at gmail.com>; dl-uboot-imx <uboot-imx at nxp.com>; Lukasz
>> Majewski <lukma at denx.de>; Sean Anderson <seanga2 at gmail.com>; Simon
>> Glass <sjg at chromium.org>; Alper Nebi Yasak <alpernebiyasak at gmail.com>;
>> Alice Guo <alice.guo at nxp.com>
>> Cc: u-boot at lists.denx.de; tharvey at gateworks.com; Ye Li <ye.li at nxp.com>;
>> Peng Fan <peng.fan at nxp.com>
>> Subject: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read
>> with trampoline buffer
>>
>> On 1/3/25 7:45 AM, Alice Guo wrote:
>>> From: Ye Li <ye.li at nxp.com>
>>>
>>> When SPL loads an image into a secure region, for example ATF and TEE
>>> into the DDR secure region, the USDHC controller, being a non-secure
>>> master, can't access this region, which causes a loading issue.
>>>
>>> So override h_spl_load_read to use a trampoline buffer in the non-secure
>>> region, then use the CPU to copy the image from the trampoline buffer to
>>> the destination secure region.
>> Can the attacker intercept this and rewrite the soon-to-be-secure-only software
>> with something that would later allow them to take over the system ? For
>> example, could the attacker flip some secure-test bit in the TEE while it is in
>> non-secure DRAM and before it is copied to the secure location, and make TEE
>> accept privileged SMC operations from any unprivileged software ?
>
> User can authenticate OP-TEE. When authentication succeeds, OP-TEE has not been modified.
Does this also affect U-Boot proper ?
If so, does U-Boot proper have to be signed too to avoid any possibility
of tampering ?