On 09/04/2015 15:58, Edgar E. Iglesias wrote:
> Hi Paolo,
> 
> How would this work with XIP off the romd region?
> Without s/ns address spaces, CPUs in NS state will be able to execute
> and access data while in ROMD state won't they?

Good point!  In fact, even with S/NS address spaces, the ROMD state is
global across all CPUs, so if one CPU does a secure write all other CPUs
would fail to access the ROM in non-secure mode.  Even if I modified
pflash_mem_read to return ROM contents, it would fail to execute.

This works for UEFI because the reset vector is the only executable code
in the flash.  The actual firmware volumes are compressed.

> I may be missing something...

You may also be missing (I didn't say it) that this is for x86 not ARM. :->

Paolo
