Hi Manish, BL2 at EL3 vs BL2 at S_EL1 for a v8 system does not make any difference from a security point of view with the current TBBR / TF-A reference implementation. There has to be a significantly different design and refactor of the TBBR implementation, and additional responsibility for EL3 firmware, to take advantage of the EL3 root world in v9 (minuscule or maybe none on v8, if at all). With the current TF-A design, can we say that BL2_AT_EL3 is equally secure (or vulnerable!) as BL2 at S_EL1?
Since with v9 TF-A could consciously move to run BL2 at EL3 (root world, really high privilege, and RPAS, unlike the v8 EL3 runtime with no PAS isolation from S_ELx), I think it's contradictory to consider running BL2 at S_EL3 less secure in a v8 system, because all of that (BL2's large attack surface, more drivers, ...) applies to current TF-A on v9.
Anyway I am more concerned about only v8 right now.
S-EL1 cannot access EL3 registers
Agree, but what would be the motivation to access those when you have S-EL1 in control? All secure services are compromised, e.g. the secure OS at S_EL2 / S_EL1. What is the benefit of guarding EL3 on v8?
Thanks,
Sandeep