Hi Achin,

Thanks for the feedback.

This is the use case: when users are doing development, testing and board bring-up, they can use this option to run their scripts in the U-Boot shell to access these secure regions. Once they have finished development and testing, they can switch U-Boot into EL2. This flexibility would definitely give some degree of convenience for development and testing.

Thanks.

 

From: Achin Gupta <Achin.Gupta@arm.com>
Sent: Tuesday, 27 April, 2021 4:38 PM
To: tf-a@lists.trustedfirmware.org; Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: Chee, Tien Fong <tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: Re: Run BL33 (u-boot) in EL3

 

Hi Tien Hock,

The maintainers will have more thoughts on this but my $0.02 fwiw.

I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.

cheers,
Achin

 


From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 April 2021 09:02
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Chee, Tien Fong <tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: [TF-A] Run BL33 (u-boot) in EL3

 

Hi,

I’m maintaining TF-A for the Intel SoCFPGA platform.

Would it be possible to have the option to run BL33 (u-boot in our case) in EL3?

The Intel SoCFPGA platform u-boot used to handle all SMC calls:

SPL u-boot (EL3) -> u-boot (EL3)

And we have since moved to using TF-A’s BL31, so the boot became:

SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)

The main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users want to run some debugging reads/writes to the secure region in the u-boot shell.

Thanks

Tien Hock