Hi Achin,
Thanks for the feedback.
This is use case when user doing development, testing and bring up the board, they can use this option to run their script on U-Boot shell to access these secure region. Once they have finished the development, and testing, then user can switch U-Boot into EL2. This flexibility would definitely giving some degree of convenience for development and testing.
Thanks.
From: Achin Gupta Achin.Gupta@arm.com Sent: Tuesday, 27 April, 2021 4:38 PM To: tf-a@lists.trustedfirmware.org; Loh, Tien Hock tien.hock.loh@intel.com Cc: Chee, Tien Fong tien.fong.chee@intel.com; See, Chin Liang chin.liang.see@intel.com; Hea, Kok Kiang kok.kiang.hea@intel.com Subject: Re: Run BL33 (u-boot) in EL3
Hi Tien Hock,
The maintainers will have more thoughts on this but my $0.02 fwiw.
I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.
cheers, Achin
________________________________ From: TF-A <tf-a-bounces@lists.trustedfirmware.orgmailto:tf-a-bounces@lists.trustedfirmware.org> on behalf of Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Sent: 27 April 2021 09:02 To: tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Cc: Chee, Tien Fong <tien.fong.chee@intel.commailto:tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.commailto:chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.commailto:kok.kiang.hea@intel.com> Subject: [TF-A] Run BL33 (u-boot) in EL3
Hi,
I'm maintaining TF-A for Intel SoCFPGA platform.
Would it be possible if we should have the option to run BL33 (u-boot in our case) in EL3?
The Intel SoCFPGA platform u-boot used to handle all SMC calls:
SPL u-boot (EL3) -> u-boot (EL3)
And we have since move to use TF-A's BL31, thus boot became SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)
Main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users wanted to run some debugging read/write to secure region in u-boot shell.
Thanks
Tien Hock