Hi, Dall: Thanks for your quick response!
It depends on the board. Which ARM doc are you referring to?
ARM Security Technology : Building a Secure System using TrustZone Technology. (PRD29-GENC-009492C) Figure 5-2 in Chapter 5.2.1 Boot Sequence. Based on my understanding, U-boot is classfied as normal world boot loader. Maybe my understanding is wrong! :)
In general, there are three options for how u-boot is booted:
- In secure mode
- In non-secure hyp mode
- in non-secure svc mode
for (1) you can just switch to non-secure hyp. for (2) you don't have to do anything. for (3) you're screwed, unless there's a backdoor call to enter Hyp mode (typically found on TI hardware).
For (1), i didn't get it totally: On a platform with a CA7 supporting TZ tech, but this SOC not support VT, usually cpu is powered on in secure mode. So, i could only switch it to non-sec state? If this CA7 also supports VT, so i could select 2 goals: Switch to non-sec state, or swith to non-sec hyp mode?
I think non-sec state is not identical with non-sec hyp mode.
Best wishes,
-Christoffer