Le mar. 27 avr. 2021 à 11:04, Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org> a écrit :


Yes that’s what I have suspected in the first place, but no harm asking :)


Tien Fong,

As per discussed, we could probably expose the a compile time option in BL31 that expose a command that read/write to the secure domain.

That case, u-boot shell will be able to access secure domain and not need to run in EL3.

Would you allow an OS to access underlying hypervisor ? 
In essence this is what you are asking:
there are architectural services such as kicking off a new cpu that are supposed to be routed to the right service handler (PSCI) or secure firmware updates with anti-bricking support.... 

Could you be more specific on what you want to do and why ?
 That may help us advise on achieving your goals while still being architecturally correct.




From: Chee, Tien Fong <tien.fong.chee@intel.com>
Sent: Tuesday, April 27, 2021 5:01 PM
To: Achin Gupta <Achin.Gupta@arm.com>; tf-a@lists.trustedfirmware.org; Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: RE: Run BL33 (u-boot) in EL3


Hi Achin,


Thanks for the feedback.


This is use case when user doing development, testing and bring up the board, they can use this option to run their script on U-Boot shell to access these secure region. Once they have finished the development, and testing, then user can switch U-Boot into EL2. This flexibility would definitely giving some degree of convenience for development and testing.




From: Achin Gupta <Achin.Gupta@arm.com>
Sent: Tuesday, 27 April, 2021 4:38 PM
To: tf-a@lists.trustedfirmware.org; Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: Chee, Tien Fong <tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: Re: Run BL33 (u-boot) in EL3


Hi Tien Hock,


The maintainers will have more thoughts on this but my $0.02 fwiw.


I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.




From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 April 2021 09:02
tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Chee, Tien Fong <
tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: [TF-A] Run BL33 (u-boot) in EL3




I’m maintaining TF-A for Intel SoCFPGA platform.

Would it be possible if we should have the option to run BL33 (u-boot in our case) in EL3?


The Intel SoCFPGA platform u-boot used to handle all SMC calls:

SPL u-boot (EL3) -> u-boot (EL3)

And we have since move to use TF-A’s BL31, thus boot became
SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)


Main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users wanted to run some debugging read/write to secure region in u-boot shell.



Tien Hock


TF-A mailing list
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485
francois.ozog@linaro.org | Skype: ffozog