
Subject: Re: [U-Boot] imx7d: CPU core issue in secure mode
- Peng
Hi Tobias, Peng,
On Thu, Jul 4, 2019 at 2:20 PM Tobias Junghans <tobias.junghans@veyon.io> wrote:
Hi,
I'm trying to get an imx7d-based Colibris board running in secure mode in order to be able to use the CAAM, especially the HWRNG. However it seems like it's currently not possible to boot a mainline kernel (4.19) in secure mode with both CPU cores powered up, likely due to the missing PSCI firmware in secure mode. When booting in nonsecure mode the kernel recognizes both CPU cores while CAAM isn't working. Basically it's the same issue as discussed at
https://www.spinics.net/lists/u-boot-v2/msg33873.html
I'm using the latest mainline U-Boot (2019.07-rc4) with CONFIG_ARMV7_BOOT_SEC_DEFAULT=y. Is there anything I can do about
this issue?
Try "setenv bootm_boot_mode nonsec" in U-Boot stage.
Thank you and best regards
Tobias
U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
I might be mistaken, but AFAIK there was on-going work done by Peng Fan regarding proper CAAM initialization in the OP-TEE and further usage in the mainline kernel.
Silvano was doing the CAAM part in OP-TEE.
As I understood, the initial initialization of the jobrings is done in OP-TEE (which is booted before U-Boot) in secure world, and then the Linux kernel, running in normal world, should be able to use it. Regarding PSCI, frankly, I have no idea who particularly should provide its support here: U-Boot or OP-TEE (taking into account that in this setup U-Boot is booted in non-secure PL2, so OP-TEE is the only one who is able to provide secure runtime services, the so-called secure monitor).
BTW, I also saw some setups where similar things are done in U-Boot (when it's booted in secure mode), which also has its own implementation of a secure monitor (and subsequently PSCI) and a CAAM driver, which probably does the same type of initialization as in OP-TEE.
Peng, Could you please provide some comments regarding this? Thanks!
There are PSCI services in U-Boot too. If you want a non-secure kernel without OP-TEE, you need to set "setenv bootm_boot_mode nonsec" in the U-Boot stage. If you want to run OP-TEE, do not set the env.
Regards, Peng.
-- Best regards - Freundliche Grüsse - Meilleures salutations
Igor Opaniuk
mailto: igor.opaniuk@gmail.com skype: igor.opanyuk +380 (93) 836 40 67 http://ua.linkedin.com/in/iopaniuk