On Tue, 2015-01-20 at 15:29 -0800, Suriyan Ramasami wrote:
Hello Kevin,
On Tue, Jan 20, 2015 at 2:43 PM, Kevin Hilman khilman@kernel.org wrote:
Suriyan Ramasami suriyan.r@gmail.com writes:
I am currently working only on the XU3 (I thought there was no interest, so I let it slide). I probably should say that the Exynos secure firmware support needs to be tweaked in U-Boot. Maybe other SoCs are supported? I am not sure.
Thanks for the update!
Also, I'm still a bit unsure where the switch from secure to NS world happens. Is that in BL1? or somewhere in BL2? If it's in BL2, have you tried switching secure mode off?
I know for sure that the signed BL2 does switch from Hyp to NS. This BL2 that I am referring to is HK's nomenclature, which translates to BL1 (SPL) in UBoot lingo. Hence, this adds some confusion in the discussions!
It does!. What i was wondering if there would be potential to get a signed BL2 which does *not* do the switch to the NS world, such that an unsigned chain-loaded SPL could (optionally) do that.
The blobs are as follows: (possibly listed in the HK web pages) BL0 (signed encrypted blob from Samsung). This loads HK's signed BL2 (this is U-Boot SPL) This loads U-Boot (U-Boot BL2) and the Trustzone
Also, no matter what mode the odroid xu3 is in, the linux kernel from what I can tell depending on the secure-firmware dts entry (which is present) will use the NS + 1c area when powering on the CPU. Hence, its mandatory to have code there.
Well this is something we can tune as required in case it would be possible to start linux in both secure and NS mode.