Hi François

 

Yes we’re transitiong from u-boot/spl + u-boot proper to TFA + u-boot.

The existing u-boot proper was configured to run in EL3 instead of EL2.

Current plan is that Tien Fong will be creating a workaround solution for user to expose the secure register via SMC call.

 

Thanks

 

From: François Ozog <francois.ozog@linaro.org>
Sent: Wednesday, April 28, 2021 2:51 PM
To: Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: Achin Gupta <Achin.Gupta@arm.com>; Chee, Tien Fong <tien.fong.chee@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; tf-a@lists.trustedfirmware.org
Subject: Re: [TF-A] Run BL33 (u-boot) in EL3

 

 

 

Le mer. 28 avr. 2021 à 03:00, Loh, Tien Hock <tien.hock.loh@intel.com> a écrit :

Hi François,

 

We currently do not support hypervisor.

What we’re trying to achieve here is to run the BL33 payload (u-boot in our case) in EL3.

Main reason is backwards compatibility. The u-boot that we used to have is running in EL3, thus some users uses u-boot in EL3 to access secure region of the platform.

I wonder if you are actually transitioning from U-Boot/SPL + U-Boot l/“proper” 

to 

TFA + U-Boot.

U-Boot/SPL is the piece of code that sets up DRAM and loads U-Boot/“proper”. The SPL part runs at EL3, U-Boot “proper” is at EL2.

SPL is replaced by various TFA components, U-Boot “proper” stays the same.

 

Manish does propose using EL3_PAYLOAD_BASE to see if it fits my use case. I’ll take a look there

 

Thanks for the response

 

From: François Ozog <francois.ozog@linaro.org>
Sent: Wednesday, April 28, 2021 3:15 AM
To: Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: Achin Gupta <Achin.Gupta@arm.com>; Chee, Tien Fong <tien.fong.chee@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; tf-a@lists.trustedfirmware.org
Subject: Re: [TF-A] Run BL33 (u-boot) in EL3

 

 

 

Le mar. 27 avr. 2021 à 11:04, Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org> a écrit :

Achin,

Yes that’s what I have suspected in the first place, but no harm asking :)

 

Tien Fong,

As per discussed, we could probably expose the a compile time option in BL31 that expose a command that read/write to the secure domain.

That case, u-boot shell will be able to access secure domain and not need to run in EL3.

Would you allow an OS to access underlying hypervisor ? 

In essence this is what you are asking:

there are architectural services such as kicking off a new cpu that are supposed to be routed to the right service handler (PSCI) or secure firmware updates with anti-bricking support.... 

 

Could you be more specific on what you want to do and why ?

 That may help us advise on achieving your goals while still being architecturally correct.

 

Thanks

 

From: Chee, Tien Fong <tien.fong.chee@intel.com>
Sent: Tuesday, April 27, 2021 5:01 PM
To: Achin Gupta <Achin.Gupta@arm.com>; tf-a@lists.trustedfirmware.org; Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: RE: Run BL33 (u-boot) in EL3

 

Hi Achin,

 

Thanks for the feedback.

 

This is use case when user doing development, testing and bring up the board, they can use this option to run their script on U-Boot shell to access these secure region. Once they have finished the development, and testing, then user can switch U-Boot into EL2. This flexibility would definitely giving some degree of convenience for development and testing.

 

Thanks.

 

From: Achin Gupta <Achin.Gupta@arm.com>
Sent: Tuesday, 27 April, 2021 4:38 PM
To: tf-a@lists.trustedfirmware.org; Loh, Tien Hock <tien.hock.loh@intel.com>
Cc: Chee, Tien Fong <tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: Re: Run BL33 (u-boot) in EL3

 

Hi Tien Hock,

 

The maintainers will have more thoughts on this but my $0.02 fwiw.

 

I cannot see why the Trusted Firmware project should carry any option that enables use of EL3 by users who do not care about security. EL3 is not meant to run u-boot with a shell that can be used to fiddle with secure memory. This flies against the basic security principles that the project is built upon.

 

cheers,
Achin

 


From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Loh, Tien Hock via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 April 2021 09:02
To:
tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Cc: Chee, Tien Fong <
tien.fong.chee@intel.com>; See, Chin Liang <chin.liang.see@intel.com>; Hea, Kok Kiang <kok.kiang.hea@intel.com>
Subject: [TF-A] Run BL33 (u-boot) in EL3

 

Hi,

 

I’m maintaining TF-A for Intel SoCFPGA platform.

Would it be possible if we should have the option to run BL33 (u-boot in our case) in EL3?

 

The Intel SoCFPGA platform u-boot used to handle all SMC calls:

SPL u-boot (EL3) -> u-boot (EL3)

And we have since move to use TF-A’s BL31, thus boot became
SPL u-boot (EL3) -> TF-A BL31 (EL3) -> u-boot (EL2)

 

Main reason is that some users would like to keep u-boot at EL3 as they do not care about security, and some users wanted to run some debugging read/write to secure region in u-boot shell.

 

Thanks

Tien Hock

 

--
TF-A mailing list
TF-A@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a

--

Image removed by sender.

François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group

T: +33.67221.6485
francois.ozog@linaro.org | Skype: ffozog

--

François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group

T: +33.67221.6485
francois.ozog@linaro.org 
| Skype: ffozog