On Sat, 2018-07-14 at 00:11 +0000, Henry Beberman wrote:
From: Henry Beberman henry.beberman@microsoft.com
This patch is part of the i.MX Windows 10 IoT Core boot flow.
It adds a modified linker script for SPL to keep all segments in on-chip ram. This is to harden the device against potential leaks of device secrets by keeping them out of DRAM.
Additionally if CONFIG_SYS_SPL_MALLOC_START is defined, it will override the CONFIG_SPL_SYS_MALLOC_SIMPLE and allocate space in DRAM instead of on-chip ram. This patch prevents the definition of those values for i.MX6 and i.MX7 SPL if CONFIG_OPTEE_SPL_BOOT is selected.
Is booting SPL from entirely from SRAM only useful in concert with OPTEE?
For instance, if I'm building a device that doesn't use OPTEE and yet want it to be secure, would I want to keep the SPL entirely in SRAM?