
On 1/7/25 11:04 AM, Alice Guo (OSS) wrote:
-----Original Message-----
From: Marek Vasut marex@denx.de
Sent: January 6, 2025 5:44
To: Alice Guo (OSS) alice.guo@oss.nxp.com; Tom Rini trini@konsulko.com; Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; dl-uboot-imx uboot-imx@nxp.com; Lukasz Majewski lukma@denx.de; Sean Anderson seanga2@gmail.com; Simon Glass sjg@chromium.org; Alper Nebi Yasak alpernebiyasak@gmail.com; Alice Guo alice.guo@nxp.com
Cc: u-boot@lists.denx.de; tharvey@gateworks.com; Ye Li ye.li@nxp.com; Peng Fan peng.fan@nxp.com
Subject: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read with trampoline buffer
On 1/3/25 7:45 AM, Alice Guo wrote:
From: Ye Li ye.li@nxp.com
When SPL loads an image to a secure region, for example ATF and TEE to the DDR secure region, the USDHC controller, being a non-secure master, cannot access this region, which causes a loading issue.
So override h_spl_load_read to use a trampoline buffer in a non-secure region, then use the CPU to copy the image from the trampoline buffer to the destination secure region.
Can the attacker intercept this and rewrite the soon-to-be-secure-only software with something that would later allow them to take over the system? For example, could the attacker flip some secure-test bit in the TEE while it is in non-secure DRAM and before it is copied into the secure location, and make TEE accept privileged SMC operations from any unprivileged software?
User can authenticate OP-TEE. When authentication succeeds, OP-TEE has not been modified.
Does this also affect U-Boot proper?
If so, does U-Boot proper have to be signed too to avoid any possibility of tampering?
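As an added illustration (not code from this patch or from U-Boot), the trampoline load the commit message describes, with the authentication step run over the bytes at their final secure location after the CPU copy rather than over the non-secure bounce buffer, which is the window the question above is about. The memory windows, the DMA refusal, the image and the digest are constructed stand-ins, not i.MX9 behaviour or a real signature scheme.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed model, not i.MX9 hardware: a 256-byte "secure" DDR window that
 * only the CPU may write, and a small bounce buffer in non-secure RAM. */
#define WIN_SIZE 256
static uint8_t secure_ram[WIN_SIZE];
static uint8_t trampoline[16];           /* non-secure bounce buffer, hypothetical size */

/* Constructed stand-in for the TEE image on the boot device. */
static const uint8_t image[] = "CONSTRUCTED-OPTEE-IMAGE-PAYLOAD-0123456789";
#define IMAGE_LEN (sizeof(image) - 1)

/* Simulated USDHC (DMA) read: a non-secure master, so a destination inside the
 * secure window is refused, which is the loading failure the patch works around. */
static int dma_read(size_t off, size_t len, void *dst)
{
    uintptr_t p = (uintptr_t)dst, lo = (uintptr_t)secure_ram;
    if ((p >= lo && p < lo + WIN_SIZE) || off + len > IMAGE_LEN)
        return -1;                       /* bus access denied, or read past image */
    memcpy(dst, image + off, len);
    return 0;
}

/* Trampoline load: DMA each chunk into the non-secure bounce buffer, then the
 * CPU (a secure master) copies it on to the final secure destination. */
static int load_via_trampoline(size_t len, uint8_t *dst)
{
    for (size_t off = 0; off < len; off += sizeof(trampoline)) {
        size_t n = len - off < sizeof(trampoline) ? len - off : sizeof(trampoline);
        if (dma_read(off, n, trampoline))
            return -1;
        memcpy(dst + off, trampoline, n);
    }
    return 0;
}

/* Placeholder for image authentication (FNV-1a, not a real signature check),
 * run over the bytes at the final secure location after the copy, so the
 * verdict covers what will execute rather than a buffer still in non-secure DRAM. */
static uint32_t digest(const uint8_t *p, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
static int verify_at_destination(const uint8_t *dst, size_t len, uint32_t expected)
{
    return digest(dst, len) == expected;
}
```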