Hi Tien Hock,
The maintainers will have more thoughts on this but my $0.02 fwiw.
I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.
cheers, Achin
________________________________
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Loh, Tien Hock via TF-A tf-a@lists.trustedfirmware.org
Sent: 27 April 2021 09:02
To: tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org
Cc: Chee, Tien Fong tien.fong.chee@intel.com; See, Chin Liang chin.liang.see@intel.com; Hea, Kok Kiang kok.kiang.hea@intel.com
Subject: [TF-A] Run BL33 (u-boot) in EL3
Hi,
I’m maintaining TF-A for the Intel SoCFPGA platform.
Would it be possible to have the option to run BL33 (u-boot in our case) in EL3?
The Intel SoCFPGA platform u-boot used to handle all SMC calls:
SPL u-boot (EL3) -> u-boot (EL3)
And we have since moved to using TF-A’s BL31, thus the boot became:
SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)
The main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users wanted to run some debugging reads/writes to the secure region in the u-boot shell.
Thanks
Tien Hock