> Subject: Re: [U-Boot] imx7d: CPU core issue in secure mode > > + Peng > > Hi Tobias, Peng, > > On Thu, Jul 4, 2019 at 2:20 PM Tobias Junghans <tobias.jungh...@veyon.io> > wrote: > > > > Hi, > > > > I'm trying to get an imx7d-based Colibris board running in secure mode > > in order to be able to use the CAAM, especially the HWRNG. However it > > seems like it's currently not possible to boot a mainline kernel > > (4.19) in secure mode with both CPU cores powered up, likely due to > > the missing PSCI firmware in secure mode. When booting in nonsecure > > mode the kernel recognizes both CPU cores while CAAM isn't working. > > Basically it's the same issue as discussed at > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > > > spinics.net%2Flists%2Fu-boot-v2%2Fmsg33873.html&data=02%7C01%7 > Cpen > > > g.fan%40nxp.com%7C69f453b8841a47775d7608d705edd3ee%7C686ea1d3b > c2b4c6fa > > > 92cd99c5c301635%7C0%7C0%7C636984391331231662&sdata=MtD5x > 15k3vvgBMr > > vqBaZBY9G8AFD0WuE9J8XxIP%2Fz%2Bk%3D&reserved=0 > > > > I'm using the latest mainline U-Boot (2019.07-rc4) with > > CONFIG_ARMV7_BOOT_SEC_DEFAULT=y. Is there anything I can do about > this issue?
Try "setenv bootm_boot_mode nonsec" in U-Boot stage. > > > > Thank you and best regards > > > > Tobias > > > > > > _______________________________________________ > > U-Boot mailing list > > U-Boot@lists.denx.de > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > > > s.denx.de%2Flistinfo%2Fu-boot&data=02%7C01%7Cpeng.fan%40nxp.co > m%7C > > > 69f453b8841a47775d7608d705edd3ee%7C686ea1d3bc2b4c6fa92cd99c5c30 > 1635%7C > > > 0%7C0%7C636984391331231662&sdata=Ra4mzQpiZpANam1gyhhsy2g > WMHNH3JRNr > > ryP%2BPOiqsM%3D&reserved=0 > > I might be mistaken, but AFAIK there was on-going work done by Peng Fan > regarding proper CAAM initialization in the OP-TEE and further usage in the > mainline kernel. Silvano was doing the CAAM part in OP-TEE. > > As I understood, the initial initialization of the jobrings is done in OP-TEE > (which is booted before U-boot) in secure world, and then linux kernel, > running in normal world, should be able to use it. > Regarding PSCI, frankly, I have no idea who particularly should provide it's > support here: U-boot or OP-TEE (taking into account that in this setup U-boot > is booted in non-secure PL2, so OP-TEE is the only one, who is able to provide > secure runtime services, so-called secure monitor). > > BTW, I also saw some setups, where similar things to do the same in U-boot > (when it's booted in secure mode), which also does have it's own > implementation of secure monitor(subsequently PSCI) and CAAM driver, > which probably does the same type of initialization, as in OP-TEE. > > > Peng, > Could you please provide some comments regarding this? Thanks! There is psci services in U-Boot too. If want non-secure kernel without OP-TEE, Need set "setenv bootm_boot_mode nonsec " in U-Boot stage. If want run OP-TEE, not set the env. Regards, Peng. > > -- > Best regards - Freundliche GrĂ¼sse - Meilleures salutations > > Igor Opaniuk > > mailto: igor.opan...@gmail.com > skype: igor.opanyuk > +380 (93) 836 40 67 > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fua.linke > din.com%2Fin%2Fiopaniuk&data=02%7C01%7Cpeng.fan%40nxp.com%7 > C69f453b8841a47775d7608d705edd3ee%7C686ea1d3bc2b4c6fa92cd99c5c3 > 01635%7C0%7C0%7C636984391331231662&sdata=%2B8TlRt9QP6mV > wMhc3TtHxaZdM%2FvSx09Jz%2BpFhJOlgvg%3D&reserved=0 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
