I'm working on a project for ChromeOS where we would like to be able to load the BL32 payload  (OpTee) for SEL-1 after the linux kernel has booted rather than during the usual BL32 stage. We would do this via an SMC we would add which would take the OpTee image from linux and then have EL3 load it and perform the init for SEL-1 at that time.

The reasoning behind this is that it's much easier to update the rootfs than the FW on our devices, and we can still ensure the integrity of the OpTee image if we load it early enough after the kernel boots.

The main questions I have are if there are any issues people would be aware of by loading it after linux boots rather than during the usual BL32 stage?

And I would definitely want to upstream this work if it's something we can do.

Thanks,

Jeffrey Kardatzke

Google, Inc.