I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.

From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 April 2021 09:02
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Chee, Tien Fong <tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: [TF-A] Run BL33 (u-boot) in EL3

Hi,

I’m maintaining TF-A for Intel SoCFPGA platform.

Would it be possible if we should have the option to run BL33 (u-boot in our case) in EL3?

The Intel SoCFPGA platform u-boot used to handle all SMC calls:

SPL u-boot (EL3) -> u-boot (EL3)

And we have since move to use TF-A’s BL31, thus boot became
SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)

Main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users wanted to run some debugging read/write to secure region in u-boot shell.

Thanks

Tien Hock